New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix buffer overflow causing heap corruption #62

Open
wants to merge 2 commits into
base: master
from

Conversation

Projects
None yet
1 participant
@lano1106

lano1106 commented Dec 12, 2013

in src/hook/alsa.c: Is allocating len bytes for device name contained
in '-a' option values. Last char index is len-1 and code NULL terminate
the string one byte after the end of the array.

I have documented the possible effect of the buffer overflow here:
http://blog.olivierlanglois.net/index.php/2013/12/11/deadlock_when_using_glc

Micro optimization: I have replaced malloc+memset combo with calloc:
Rationale documented here:
http://blog.olivierlanglois.net/index.php/2013/12/11/malloc_memset_vs_calloc_which_is_better

in src/glc/common/log.c: Make log file stream line buffered (like stderr) to see traces
as they happen.

lano1106 and others added some commits Dec 12, 2013

Fix buffer overflow causing heap corruption
in src/hook/alsa.c: Is allocating len bytes for device name contained
in '-a' option values. Last char index is len-1 and code NULL terminate
the string one byte after the end of the array.

I have documented the possible effect of the buffer overflow here:
http://blog.olivierlanglois.net/index.php/2013/12/11/deadlock_when_using_glc

Micro optimization: I have replaced malloc+memset combo with calloc:
Rationale documented here:
http://blog.olivierlanglois.net/index.php/2013/12/11/malloc_memset_vs_calloc_which_is_better

in src/glc/common/log.c: Make log file stream line buffered (like stderr) to see traces
as they happen.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment