File CVE-2018-19800-tempo-fix-buffer-overflow-in-method-parser.patch of Package aubio.openSUSE_Leap_42.3_Update

From b1559f4c9ce2b304d8d27ffdc7128b6795ca82e5 Mon Sep 17 00:00:00 2001
From: Paul Brossier <piem@piem.org>
Date: Sat, 24 Nov 2018 17:17:29 +0100
Subject: [PATCH] [tempo] fix buffer overflow in method parser

---
 src/tempo/tempo.c |    7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

--- a/src/tempo/tempo.c
+++ b/src/tempo/tempo.c
@@ -161,7 +161,7 @@ aubio_tempo_t * new_aubio_tempo (char_t
     uint_t buf_size, uint_t hop_size, uint_t samplerate)
 {
   aubio_tempo_t * o = AUBIO_NEW(aubio_tempo_t);
-  char_t specdesc_func[20];
+  char_t specdesc_func[PATH_MAX];
   o->samplerate = samplerate;
   /* length of observations, worth about 6 seconds */
   o->winlen = aubio_next_power_of_two(5.8 * samplerate / hop_size);
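Review bot: `PATH_MAX` in the new `specdesc_func` declaration comes from `<limits.h>`, and this patch adds no include, so the build relies on another header already providing it; whether one does is not visible here. The macro is also not defined on every platform. The buffer holds a method name rather than a filesystem path, so a local named constant would state the intent better and avoid that dependency, with the later copies bounded by `sizeof(specdesc_func)` instead of repeating the macro. The body of new_aubio_tempo starts and ends outside this hunk.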
@@ -180,9 +180,10 @@ aubio_tempo_t * new_aubio_tempo (char_t
   o->pp       = new_aubio_peakpicker();
   aubio_peakpicker_set_threshold (o->pp, o->threshold);
   if ( strcmp(tempo_mode, "default") == 0 ) {
-    strcpy(specdesc_func, "specflux");
+    strncpy(specdesc_func, "specflux", PATH_MAX - 1);
   } else {
-    strcpy(specdesc_func, tempo_mode);
+    strncpy(specdesc_func, tempo_mode, PATH_MAX - 1);
+    specdesc_func[PATH_MAX - 1] = '\0';
   }
   o->od       = new_aubio_specdesc(specdesc_func,buf_size);
   o->of       = new_fvec(1);
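Review bot: In the else branch an over-long `tempo_mode` is now silently truncated, and the shortened name is passed to `new_aubio_specdesc`, so the caller gets no signal that a different string was used. Rejecting it before the copy is safer, for example by testing `strlen(tempo_mode) >= sizeof(specdesc_func)` and taking the constructor's failure path, which is not visible in this hunk. The "default" branch is terminated only because `strncpy` zero-pads a short source; moving `specdesc_func[PATH_MAX - 1] = '\0';` below the if/else would make both branches explicit. A NULL `tempo_mode` would still reach `strcmp` unless it is checked earlier in the function, which continues outside the hunk.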