mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-05-03 06:47:04 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

security: reject unknown tags in message_get to prevent va_arg desync

Browse source 
The switch in message_get had no default case. An unrecognized tag byte
from a malicious client would skip the switch body without consuming
the va_arg parameter, desynchronizing all subsequent argument reads
and causing undefined behavior.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Wim Taymans 2026-04-30 09:14:08 +02:00
parent d4a1278018
commit 0ae17566f2
1 changed files with 2 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/modules/module-protocol-pulse/message.c
View file

@ -361,6 +361,8 @@ int message_get(struct message *m, ...)
if ((res = read_format_info(m, va_arg(va, struct format_info*))) < 0) if ((res = read_format_info(m, va_arg(va, struct format_info*))) < 0)
goto done; goto done;
break; break;
default:
goto invalid;
} }
} }
res = 0; res = 0;