flacenc: avoid potential string overflow

We don't necessarily have full control over the input tags, so it's possible that the ISRC tag contains a longer string than expected, in which case we'd write over the end of the static-size 13 byte buffer that is FLAC__StreamMetadata_CueSheet_Track::isrc. Make sure to only copy the ISRC if it's not too long, and make sure the buffer we write to is always NUL-terminated by using g_strlcpy(). CID 1324931.
author: Tim-Philipp Müller <tim@centricular.com> 2015-09-28 20:25:22 +0100
committer: Tim-Philipp Müller <tim@centricular.com> 2015-09-28 20:25:22 +0100
commit: 6c0971029228664bcbc10d825a7988e7a45f9e71 (patch)
tree: a9595e9ebc87772fd884d0bca6dd8c7cab9455fd
parent: 1cd4baa16a52d191739deff5b38bc88da67972cb (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/ext/flac/gstflacenc.c b/ext/flac/gstflacenc.c
index 8be058a00..dae0172a0 100644
--- a/ext/flac/gstflacenc.c
+++ b/ext/flac/gstflacenc.c
@@ -528,8 +528,8 @@ add_cuesheet (const GstToc * toc, guint sample_rate,
         (FLAC__uint64) gst_util_uint64_scale_round (start, sample_rate,
         GST_SECOND);
     track->number = (FLAC__byte) track_num + 1;
-    if (isrc)
-      strcpy (track->isrc, isrc);
+    if (isrc != NULL && strlen (isrc) <= 12)
+      g_strlcpy (track->isrc, isrc, 13);
     if (track->number <= 0)
       return FALSE;
     if (!FLAC__metadata_object_cuesheet_insert_track (cuesheet, track_num,
author	Tim-Philipp Müller <tim@centricular.com>	2015-09-28 20:25:22 +0100
committer	Tim-Philipp Müller <tim@centricular.com>	2015-09-28 20:25:22 +0100
commit	6c0971029228664bcbc10d825a7988e7a45f9e71 (patch)
tree	a9595e9ebc87772fd884d0bca6dd8c7cab9455fd
parent	1cd4baa16a52d191739deff5b38bc88da67972cb (diff)