The getPortName functions of the JACK backend use the port number unchecked and thus may read after the end of the ports array without notice.
This may be a security issue for applications that allow remote access to the port selection.
Note: There is no way to protect the code from the application side. The JACK backend suffers from the same race condition as the ALSA backend: If a port is added or removed between two calls to RtMidi, the serial port number may have changed; some ports may have been removed from the list. New ports might appear if the type of ports is changed during runtime and – depending on the internal operation of jack_get_ports – if a client adds ports (I didn't check the latter as it doesn't change much). Thus, it is not possible to circumvent this problem using getPortCount().
P.S.: I noticed this issue while writing the JACK implementation for #21.
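An added example, not part of the original issue and not RtMidi's own code: a lookup that validates the port number against the same NULL-terminated snapshot it reads from, so a port list that changed after an earlier getPortCount() call cannot lead to a read past the end of the array. The function names and the sample array (standing in for the result of jack_get_ports) are assumptions made for illustration.

```cpp
#include <cstddef>
#include <initializer_list>
#include <iostream>
#include <string>

// Stand-in for the NULL-terminated array that jack_get_ports() returns.
// Constructed sample data; the port names are made up.
static const char* const kSnapshot[] = {
    "system:midi_capture_1",
    "system:midi_capture_2",
    nullptr
};

// Unchecked pattern described in the issue: indexes straight into the array
// and reads past the terminator when portNumber >= number of ports.
// Shown for comparison only; it is never called here.
std::string portNameUnchecked(const char* const* ports, unsigned int portNumber) {
    return std::string(ports[portNumber]);
}

// Checked lookup (hypothetical helper): walks the snapshot up to portNumber
// and stops at the terminator, so the index is validated against the very
// array being read rather than against an earlier getPortCount() result.
// Returns false and leaves 'out' empty when the port number is invalid.
bool portNameChecked(const char* const* ports, unsigned int portNumber,
                     std::string& out) {
    out.clear();
    if (ports == nullptr) return false;         // no matching ports at all
    for (unsigned int i = 0; ; ++i) {
        if (ports[i] == nullptr) return false;  // terminator reached first
        if (i == portNumber) { out = ports[i]; return true; }
    }
}

int main() {
    std::string name;
    for (unsigned int n : {0u, 1u, 2u, 1000u}) {
        bool ok = portNameChecked(kSnapshot, n, name);
        std::cout << n << ": " << (ok ? name : "<invalid port number>") << "\n";
    }
    return 0;
}
```

The check closes the out-of-bounds read only; a valid index can still name a different port than the caller expected if the list changed in between.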