Buffer overflow in string_test

[yugr]

The following code in tests/string_test.c will fail to zero-terminate sfname on first iteration which may cause read overflow in psf_store_string:

for (k = 0 ; k < 50 ; k++)
{	const char *result ;
	...
	snprintf (sfname, MIN (k, sizeof (sfname)), "%s", "abcdefghijklmnopqrestvwxyz0123456789abcdefghijklmnopqrestvwxyz") ;
	exit_if_true (sf_set_string (file, SF_STR_SOFTWARE, sfname),

Valgrind report is

==23799== Conditional jump or move depends on uninitialised value(s)
==23799==    at 0x4C30F69: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) 
==23799==    by 0x52808C1: psf_store_string (/build/libsndfile-1.0.25/src/strings.c:42)
==23799==    by 0x401A6B: software_string_test (/build/libsndfile-1.0.25/tests/string_test.c:646)
==23799==    by 0x401A6B: main (/build/libsndfile-1.0.25/tests/string_test.c:81)

The issue has been found using Valgrind (obviously) and debian_pkg_test.

[erikd]

libsndfile-1.0.25 is one release old (1.0.26 was released some time ago) and I cannot reproduce this issue on git HEAD.

[yugr]

True but I've checked that offending code is still there (https://github.com/erikd/libsndfile/blob/master/tests/string_test.c#L684).

[erikd]

Why do you think that code is the problem?

[erikd]

I'm pretty sure commit 8868115 is the one that fixed it.

[yugr]

Got it, sorry for noise.