Bug 1349527 - Remove an extra +1 in cubeb_log_message::cubeb_log_message()
Fix an out-of-bounds write by removing an extra +1 which was causing a \0
to be written out of |storage| in edge cases.
MozReview-Commit-ID: AStn2zWw6i8
--- a/media/libcubeb/src/cubeb_log.cpp
+++ b/media/libcubeb/src/cubeb_log.cpp
@@ -42,17 +42,17 @@ public:
{
size_t length = strlen(str);
/* paranoia against malformed message */
assert(length < CUBEB_LOG_MESSAGE_MAX_SIZE);
if (length > CUBEB_LOG_MESSAGE_MAX_SIZE - 1) {
return;
}
PodCopy(storage, str, length);
- storage[length + 1] = '\0';
+ storage[length] = '\0';
}
char const * get() {
return storage;
}
private:
char storage[CUBEB_LOG_MESSAGE_MAX_SIZE];
};
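Review bot: The early `return` taken when `length > CUBEB_LOG_MESSAGE_MAX_SIZE - 1` leaves `storage` unwritten, so in builds where `assert` is compiled out, `get()` would return a buffer with no guaranteed terminator and any reader treating it as a C string could run past the array. Writing `storage[0] = '\0';` before that `return` would give an empty message instead; truncating the copy to `CUBEB_LOG_MESSAGE_MAX_SIZE - 1` bytes is the other option. The assert and the `if` test the same condition, so a short comment such as `/* assert is debug-only; the check below is the release-build guard */` would make the intent clear. The constructor's signature and any other initialisation of `storage` lie outside the hunk, so this assumes nothing else zeroes the array first.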