mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2025-10-29 05:40:27 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

pipewire: mem: refuse invalid file mapping

Browse source 
Refuse to map a file if the specified `offset + size` would
be bigger than the size of the file. This prevents receiving
SIGBUS when the consumer tries to make an incorrect mapping.

See #2617 #2914 #3007
This commit is contained in:
Barnabás Pőcze 2023-02-03 22:44:32 +01:00
parent d42656c0d9
commit 06df127ad9
1 changed files with 18 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

18
src/pipewire/mem.c
View file

@ -33,6 +33,7 @@
#include <unistd.h>
#include <stdlib.h>
#include <sys/syscall.h>
#include <sys/stat.h>
#include <spa/utils/list.h>
#include <spa/buffer/buffer.h>
@ -363,6 +364,23 @@ struct pw_memmap * pw_memblock_map(struct pw_memblock *block,
struct mapping *m;
struct memmap *mm;
struct pw_map_range range;
struct stat sb;
if (fstat(b->this.fd, &sb) != 0)
return NULL;
const bool valid = (int64_t) offset + size <= (int64_t) sb.st_size;
pw_log(valid ? SPA_LOG_LEVEL_DEBUG : SPA_LOG_LEVEL_ERROR,
"%p: block %p[%u] mapping %" PRIu32 "+%" PRIu32 " of file=%d/%" PRIu64 ":%" PRIu64 " with size=%" PRId64,
block->pool, block, block->id,
offset, size,
block->fd, (uint64_t) sb.st_dev, (uint64_t) sb.st_ino,
(int64_t) sb.st_size);
if (!valid) {
errno = -EINVAL;
return NULL;
}
pw_map_range_init(&range, offset, size, p->pagesize);