bug-guix
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#40832: alsa-lib cannot find its plugins

From: Leo Famulari
Subject: bug#40832: alsa-lib cannot find its plugins
Date: Tue, 28 Jul 2020 19:56:23 -0400 
On Tue, Jul 28, 2020 at 12:52:41PM +0200, Danny Milosavljevic wrote:
> some comments on the lastest patch:

Thank you for reviewing the patch!

> * The entire alsa-lib seems to use the idiom "malloc and then strcpy", or
> "malloc and then sprintf", or, worse, "malloc, strcpy and multiple strcat".
> These are a buffer overflow waiting to happen (when changing part of those
> while doing ongoing maintenance;  also the places where they use "+" is not
> checked for overflow).  That said, if they do it, we can do it that way, too.

This confirms what I felt — it's hard to feel confident about the bounds
checking in this code. It seems to be based on the names of the plugin
libraries not exceeding some magic length. It's hard to balance "doing
the right thing" and using upstream's idioms.

When writing the patch, my investigation into the code made decide that
it would not overflow, but now I don't remember why I thought that.

> * The environment variable GUIX_ALSA_PLUGIN_DIRS is only checked if the
> respective file does not exist in alsa-lib.  That is not how environment
> variables usually work--it should be possible to override built-in things
> by setting this environment variable, too.

Good point. I don't remember now if I specifically decided to do things
this way or if it was a side effect of where I inserted the new code.

> * Instead of alloca and strcpy, can just use strdupa.

I didn't know about this function, thanks.

> * strtok_r man page states that the first argument should be NULL on the
> non-first calls.  You do that already, but maybe add a comment why that
> is done where it's set to NULL.

Right.

> * strtok_r man page states that "On some implementations, *saveptr is required
> to be NULL on  the first call to strtok_r() that is being used to parse str.".
> So I'd use "char* saveptr = NULL;"

My Linux 4.16 man pages from Debian don't contain this note. Good to
know!

> * Instead of malloc and sprintf, could just use asprintf.  But they don't,
> so let's not either, for easier review.  Also, magical value 32... sigh.
> Well, they do it, too.

Right...

> * If GUIX_ALSA_PLUGIN_DIRS contained for example "a:" then it would search
> "a" and "/", right?  OK as long as we want that.

I don't remember how it behaves anymore... I'll look into this and
decide.

Thanks again for the review!

Attachment: signature.asc
Description: PGP signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]