flacenc: avoid potential string overflow

We don't necessarily have full control over the input tags, so it's possible that the ISRC tag contains a longer string than expected, in which case we'd write over the end of the static-size 13 byte buffer that is FLAC__StreamMetadata_CueSheet_Track::isrc. Make sure to only copy the ISRC if it's not too long, and make sure the buffer we write to is always NUL-terminated by using g_strlcpy(). CID 1324931.
author: Tim-Philipp Müller <tim@centricular.com> 2015-09-28 20:25:22 +0100
committer: Tim-Philipp Müller <tim@centricular.com> 2015-09-29 11:19:03 +0100
commit: 8a86b26424212d79011a2587bc4571bb2161f479 (patch)
tree: a5a12ed8f1f20e96d4b26e01775230615fe63e28 /ext
parent: 0413802c6057b6c65481274cfef463f63042ad0b (diff)
download: gstreamer-plugins-good-8a86b26424212d79011a2587bc4571bb2161f479.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/ext/flac/gstflacenc.c b/ext/flac/gstflacenc.c
index 8be058a00..dae0172a0 100644
--- a/ext/flac/gstflacenc.c
+++ b/ext/flac/gstflacenc.c
@@ -528,8 +528,8 @@ add_cuesheet (const GstToc * toc, guint sample_rate,
         (FLAC__uint64) gst_util_uint64_scale_round (start, sample_rate,
         GST_SECOND);
     track->number = (FLAC__byte) track_num + 1;
-    if (isrc)
-      strcpy (track->isrc, isrc);
+    if (isrc != NULL && strlen (isrc) <= 12)
+      g_strlcpy (track->isrc, isrc, 13);
     if (track->number <= 0)
       return FALSE;
     if (!FLAC__metadata_object_cuesheet_insert_track (cuesheet, track_num,
author	Tim-Philipp Müller <tim@centricular.com>	2015-09-28 20:25:22 +0100
committer	Tim-Philipp Müller <tim@centricular.com>	2015-09-29 11:19:03 +0100
commit	8a86b26424212d79011a2587bc4571bb2161f479 (patch)
tree	a5a12ed8f1f20e96d4b26e01775230615fe63e28 /ext
parent	0413802c6057b6c65481274cfef463f63042ad0b (diff)
download	gstreamer-plugins-good-8a86b26424212d79011a2587bc4571bb2161f479.tar.gz