From 67b422fa187d0049c62ac8e4b87899a5082fbcdd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Barnab=C3=A1s=20P=C5=91cze?=
Date: Sun, 25 Jul 2021 01:23:52 +0200
Subject: [PATCH] pulse-server: fix potential use of dangling pointer
`getpwuid_r()` puts the strings pointed to from the returned passwd struct into the specified buffer. Previously, that buffer technically didn't live long enough to be usable in the `snprintf()` call - although in practice this didn't appear to be a problem. A particular version of GCC 11 generates the same machine code for this function regardless whether this patch is applied or not. Still, fix this by moving the buffer to an outer scope.
---
 src/modules/module-protocol-pulse/utils.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/modules/module-protocol-pulse/utils.c b/src/modules/module-protocol-pulse/utils.c
index 72c5e9010..f8a71db8d 100644
--- a/src/modules/module-protocol-pulse/utils.c
+++ b/src/modules/module-protocol-pulse/utils.c
@@ -55,6 +55,7 @@ int get_runtime_dir(char *buf, size_t buflen, const char *dir)
 {
 const char *runtime_dir;
 struct stat stat_buf;
+ char buffer[4096];
 int res, size;
 runtime_dir = getenv("PULSE_RUNTIME_PATH");
@@ -64,7 +65,6 @@ int get_runtime_dir(char *buf, size_t buflen, const char *dir)
 runtime_dir = getenv("HOME");
 if (runtime_dir == NULL) {
 struct passwd pwd, *result = NULL;
- char buffer[4096];
 if (getpwuid_r(getuid(), &pwd, buffer, sizeof(buffer), &result) == 0)
 runtime_dir = result ? result->pw_dir : NULL;
 }
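Review bot: The function-scope `char buffer[4096];` added in the first hunk carries a lifetime requirement that the code itself does not state. `runtime_dir` can end up pointing at `result->pw_dir` (second hunk), which `getpwuid_r()` stores inside that array, so a later cleanup that narrows the declaration's scope again would reintroduce the dangling pointer. I would put a comment on the declaration, for example `/* backs the passwd strings; runtime_dir may point into it, so it must outlive every use of runtime_dir */`, and consider a name such as `pwd_buf` so it is not confused with the `buf` output parameter. Separately, a nonzero return from `getpwuid_r()`, including `ERANGE` when 4096 bytes is too small, leaves `runtime_dir` NULL with no diagnostic. How that case is handled cannot be judged here, because the body of `get_runtime_dir` continues outside both hunks.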