spa: add and use spa_overflow macros

2026-04-29 06:46:38 -04:00 · 2026-04-24 15:54:15 +02:00 · 2026-04-24 15:54:15 +02:00 · 0f8d5c6e57
commit 0f8d5c6e57
parent 84f8230a47
16 changed files with 149 additions and 50 deletions
--- a/src/modules/module-echo-cancel.c
+++ b/src/modules/module-echo-cancel.c
@ -28,6 +28,7 @@
 #include <spa/support/plugin.h>
 #include <spa/utils/json.h>
 #include <spa/utils/names.h>
+#include <spa/utils/overflow.h>
 #include <spa/utils/result.h>
 #include <spa/utils/ringbuffer.h>
 #include <spa/utils/string.h>
@ -1179,9 +1180,16 @@ static int setup_streams(struct impl *impl)

 	spa_pod_dynamic_builder_clean(&b);

-	impl->rec_ringsize = (size_t)sizeof(float) * impl->max_buffer_size * impl->rec_info.rate / 1000;
-	impl->play_ringsize = (size_t)sizeof(float) * ((size_t)impl->max_buffer_size * impl->play_info.rate / 1000 + impl->buffer_delay);
-	impl->out_ringsize = (size_t)sizeof(float) * impl->max_buffer_size * impl->out_info.rate / 1000;
+	if (spa_overflow_mul(impl->max_buffer_size, impl->rec_info.rate / 1000, &impl->rec_ringsize) ||
+	    spa_overflow_mul(impl->rec_ringsize, (uint32_t)sizeof(float), &impl->rec_ringsize))
+		return -ENOMEM;
+	if (spa_overflow_mul(impl->max_buffer_size, impl->play_info.rate / 1000, &impl->play_ringsize) ||
+	    spa_overflow_add(impl->play_ringsize, impl->buffer_delay, &impl->play_ringsize) ||
+	    spa_overflow_mul(impl->play_ringsize, (uint32_t)sizeof(float), &impl->play_ringsize))
+		return -ENOMEM;
+	if (spa_overflow_mul(impl->max_buffer_size, impl->out_info.rate / 1000, &impl->out_ringsize) ||
+	    spa_overflow_mul(impl->out_ringsize, (uint32_t)sizeof(float), &impl->out_ringsize))
+		return -ENOMEM;
 	for (i = 0; i < impl->rec_info.channels; i++) {
 		impl->rec_buffer[i] = malloc(impl->rec_ringsize);
 		if (impl->rec_buffer[i] == NULL)
--- a/src/modules/module-filter-chain.c
+++ b/src/modules/module-filter-chain.c
@ -15,6 +15,7 @@

 #include <spa/param/latency-utils.h>
 #include <spa/param/tag-utils.h>
+#include <spa/utils/overflow.h>
 #include <spa/param/audio/raw-json.h>
 #include <spa/pod/dynamic.h>
 #include <spa/filter-graph/filter-graph.h>
@ -1764,7 +1765,13 @@ static int setup_streams(struct impl *impl)
 		res = -ENOMEM;
 		goto done;
 	}
-	if ((params = calloc(n_params+1, sizeof(struct spa_pod*))) == NULL) {
+	size_t params_alloc;
+	if (spa_overflow_add((size_t)n_params, (size_t)1, &params_alloc) ||
+	    spa_overflow_mul(params_alloc, sizeof(struct spa_pod*), &params_alloc)) {
+		res = -ENOMEM;
+		goto done;
+	}
+	if ((params = calloc(1, params_alloc)) == NULL) {
 		res = -errno;
 		goto done;
 	}
--- a/src/modules/module-loopback.c
+++ b/src/modules/module-loopback.c
@ -16,6 +16,7 @@
 #include <spa/utils/string.h>
 #include <spa/utils/json.h>
 #include <spa/utils/ringbuffer.h>
+#include <spa/utils/overflow.h>
 #include <spa/param/latency-utils.h>
 #include <spa/param/audio/raw-json.h>
 #include <spa/debug/types.h>
@ -578,14 +579,14 @@ static void recalculate_buffer(struct impl *impl)
 		void *data;
 		size_t alloc_size;

-		if (delay > (UINT32_MAX / 4) - (1u<<15)) {
+		if (spa_overflow_add(delay, 1u << 15, &impl->buffer_size) ||
+		    spa_overflow_mul(impl->buffer_size, 4u, &impl->buffer_size)) {
 			pw_log_warn("delay too large, delay disabled");
 			impl->buffer_size = 0;
 			free(impl->buffer_data);
 			impl->buffer_data = NULL;
 			goto done;
 		}
-		impl->buffer_size = (delay + (1u<<15)) * 4;
 		alloc_size = (size_t)impl->buffer_size * impl->channels;
 		data = realloc(impl->buffer_data, alloc_size);
 		if (data == NULL) {
--- a/src/modules/module-netjack2/peer.c
+++ b/src/modules/module-netjack2/peer.c
@ -1,5 +1,6 @@

 #include <spa/utils/endian.h>
+#include <spa/utils/overflow.h>
 #include <spa/control/ump-utils.h>

 #ifdef HAVE_OPUS_CUSTOM
@ -142,11 +143,11 @@ static int netjack2_init(struct netjack2_peer *peer)

 	max_midi_ch = SPA_MAX(peer->params.send_midi_channels, peer->params.recv_midi_channels);
 	if (max_midi_ch > MAX_CHANNELS ||
-	    peer->params.period_size > UINT32_MAX / sizeof(float) / SPA_MAX(max_midi_ch, 1u)) {
+	    spa_overflow_mul(peer->params.period_size, (uint32_t)sizeof(float), &peer->midi_size) ||
+	    spa_overflow_mul(peer->midi_size, max_midi_ch, &peer->midi_size)) {
 		errno = EINVAL;
 		goto error_errno;
 	}
-	peer->midi_size = peer->params.period_size * sizeof(float) * max_midi_ch;
 	if ((peer->midi_data = calloc(1, peer->midi_size)) == NULL && peer->midi_size > 0)
 		goto error_errno;

@ -157,13 +158,11 @@ static int netjack2_init(struct netjack2_peer *peer)
 	}

 	if (peer->params.sample_encoder == NJ2_ENCODER_INT) {
-		peer->max_encoded_size = peer->params.period_size * sizeof(int16_t);
-		if (peer->params.period_size > UINT32_MAX / sizeof(int16_t) ||
-		    (max_audio_ch > 0 && peer->max_encoded_size > UINT32_MAX / max_audio_ch)) {
+		if (spa_overflow_mul(peer->params.period_size, (uint32_t)sizeof(int16_t), &peer->max_encoded_size) ||
+		    spa_overflow_mul(peer->max_encoded_size, max_audio_ch, &peer->encoded_size)) {
 			errno = EINVAL;
 			goto error_errno;
 		}
-		peer->encoded_size = peer->max_encoded_size * max_audio_ch;
 		if ((peer->encoded_data = calloc(1, peer->encoded_size)) == NULL)
 			goto error_errno;
 	} else if (peer->params.sample_encoder == NJ2_ENCODER_OPUS) {
@ -175,11 +174,10 @@ static int netjack2_init(struct netjack2_peer *peer)
 		}
 		peer->max_encoded_size = ((uint64_t)peer->params.kbps * peer->params.period_size * 1024) /
 			(peer->params.sample_rate * 8) + sizeof(uint16_t);
-		if (max_audio_ch > 0 && peer->max_encoded_size > UINT32_MAX / max_audio_ch) {
+		if (spa_overflow_mul(peer->max_encoded_size, max_audio_ch, &peer->encoded_size)) {
 			errno = EINVAL;
 			goto error_errno;
 		}
-		peer->encoded_size = peer->max_encoded_size * max_audio_ch;
 		if ((peer->encoded_data = calloc(1, peer->encoded_size)) == NULL)
 			goto error_errno;
 		if ((peer->opus_config = opus_custom_mode_create(peer->params.sample_rate,
@ -800,9 +798,8 @@ static int netjack2_recv_midi(struct netjack2_peer *peer, struct nj2_packet_head
 	peer->sync.num_packets = ntohl(header->num_packets);
 	max_size = peer->params.mtu - sizeof(*header);

-	if (sub_cycle > 0 && max_size > UINT32_MAX / sub_cycle)
+	if (spa_overflow_mul(max_size, sub_cycle, &offset))
 		return -EOVERFLOW;
-	offset = max_size * sub_cycle;

 	data += sizeof(*header);
 	len -= sizeof(*header);
--- a/src/modules/module-sendspin/websocket.c
+++ b/src/modules/module-sendspin/websocket.c
@ -11,6 +11,7 @@
 #include <netdb.h>

 #include <spa/utils/result.h>
+#include <spa/utils/overflow.h>
 #include <spa/debug/mem.h>

 #include "config.h"
@ -644,9 +645,8 @@ static int handle_input(struct pw_websocket_connection *conn)
 					current)) < 0)
 				return res;

-			if (conn->data_wanted > SIZE_MAX - res)
+			if (spa_overflow_add(conn->data_wanted, (size_t)res, &conn->data_wanted))
 				return -EOVERFLOW;
-			conn->data_wanted += res;
 		}
 	}
 	return 0;
@ -1020,14 +1020,14 @@ int pw_websocket_connection_send(struct pw_websocket_connection *conn, uint8_t o
 	size_t payload_length = 0;

 	for (i = 0; i < iov_len; i++) {
-		if (payload_length > SIZE_MAX - iov[i].iov_len)
+		if (spa_overflow_add(payload_length, iov[i].iov_len, &payload_length))
 			return -EOVERFLOW;
-		payload_length += iov[i].iov_len;
 	}
-	if (payload_length > SIZE_MAX - sizeof(*msg) - 14)
+	size_t alloc_size;
+	if (spa_overflow_add(payload_length, sizeof(*msg) + 14, &alloc_size))
 		return -EOVERFLOW;

-	if ((msg = calloc(1, sizeof(*msg) + 14 + payload_length)) == NULL)
+	if ((msg = calloc(1, alloc_size)) == NULL)
 		return -errno;

 	d = msg->data;
--- a/src/pipewire/array.h
+++ b/src/pipewire/array.h
@ -8,6 +8,7 @@
 #include <errno.h>

 #include <spa/utils/defs.h>
+#include <spa/utils/overflow.h>

 #ifdef __cplusplus
 extern "C" {
@ -111,7 +112,8 @@ PW_API_ARRAY int pw_array_ensure_size(struct pw_array *arr, size_t size)
 	size_t alloc, need;

 	alloc = arr->alloc;
-	need = arr->size + size;
+	if (SPA_UNLIKELY(spa_overflow_add(arr->size, size, &need)))
+		return -ENOMEM;

 	if (SPA_UNLIKELY(alloc < need)) {
 		void *data;
--- a/src/pipewire/buffers.c
+++ b/src/pipewire/buffers.c
@ -6,6 +6,7 @@
 #include <spa/pod/iter.h>
 #include <spa/param/param.h>
 #include <spa/buffer/alloc.h>
+#include <spa/utils/overflow.h>
 #include <spa/debug/types.h>

 #include "pipewire/keys.h"
@ -71,7 +72,12 @@ static int alloc_buffers(struct pw_mempool *pool,
        spa_buffer_alloc_fill_info(&info, n_metas, metas, n_datas, datas, data_aligns);

 	/* allocate the skeleton, depending on SHARED flag, meta/chunk/data is included */
-	buffers = calloc(1, info.max_align + n_buffers * (sizeof(struct spa_buffer *) + info.skel_size));
+	size_t skel_alloc;
+	if (spa_overflow_mul((size_t)n_buffers, sizeof(struct spa_buffer *) + info.skel_size, &skel_alloc) ||
+	    spa_overflow_add(skel_alloc, (size_t)info.max_align, &skel_alloc))
+		return -ENOMEM;
+
+	buffers = calloc(1, skel_alloc);
 	if (buffers == NULL)
 		return -errno;

@ -80,12 +86,18 @@ static int alloc_buffers(struct pw_mempool *pool,

 	if (SPA_FLAG_IS_SET(flags, PW_BUFFERS_FLAG_SHARED)) {
 		/* For shared data we use MemFd for meta/chunk/data */
+		size_t mem_alloc;
+		if (spa_overflow_mul((size_t)n_buffers, (size_t)info.mem_size, &mem_alloc)) {
+			free(buffers);
+			return -ENOMEM;
+		}
+
 		m = pw_mempool_alloc(pool,
 				PW_MEMBLOCK_FLAG_READWRITE |
 				PW_MEMBLOCK_FLAG_SEAL |
 				PW_MEMBLOCK_FLAG_MAP,
 				SPA_DATA_MemFd,
-				n_buffers * info.mem_size);
+				mem_alloc);
 		if (m == NULL) {
 			free(buffers);
 			return -errno;
--- a/src/pipewire/mem.h
+++ b/src/pipewire/mem.h
@ -5,6 +5,7 @@
 #ifndef PIPEWIRE_MEM_H
 #define PIPEWIRE_MEM_H

+#include <spa/utils/overflow.h>
 #include <pipewire/properties.h>

 struct spa_hook;
@ -184,14 +185,15 @@ PW_API_MEM int pw_map_range_init(struct pw_map_range *range,
 				     uint32_t offset, uint32_t size,
 				     uint32_t page_size)
 {
+	uint32_t sum, tmp;
 	range->offset = SPA_ROUND_DOWN_N(offset, page_size);
 	range->start = offset - range->offset;
-	if (size > UINT32_MAX - range->start)
+	if (spa_overflow_add(range->start, size, &sum))
 		return -EOVERFLOW;
 	/* Check that rounding up to page_size won't overflow */
-	if (range->start + size > UINT32_MAX - (page_size - 1))
+	if (spa_overflow_add(sum, page_size - 1, &tmp))
 		return -EOVERFLOW;
-	range->size = SPA_ROUND_UP_N(range->start + size, page_size);
+	range->size = SPA_ROUND_UP_N(sum, page_size);
 	return 0;
 }

--- a/src/pipewire/utils.c
+++ b/src/pipewire/utils.c
@ -14,6 +14,7 @@
 #include <time.h>

 #include <spa/utils/json.h>
+#include <spa/utils/overflow.h>
 #include <spa/debug/log.h>

 #include <pipewire/array.h>
@ -368,10 +369,11 @@ void* pw_reallocarray(void *ptr, size_t nmemb, size_t size)
 #ifdef HAVE_REALLOCARRAY
 	return reallocarray(ptr, nmemb, size);
 #else
-	if (size > 0 && nmemb > SIZE_MAX / size) {
+	size_t total;
+	if (spa_overflow_mul(nmemb, size, &total)) {
 		errno = ENOMEM;
 		return NULL;
 	}
-	return realloc(ptr, nmemb * size);
+	return realloc(ptr, total);
 #endif
 }
--- a/src/tools/dsffile.c
+++ b/src/tools/dsffile.c
@ -11,6 +11,7 @@
 #include <math.h>

 #include <spa/utils/string.h>
+#include <spa/utils/overflow.h>

 #include "dsffile.h"

@ -96,10 +97,11 @@ static int read_fmt(struct dsf_file *f)
 	if (size > s)
 		f_skip(f, size - s);

+	size_t buf_size;
 	if (f->info.blocksize == 0 || f->info.channels == 0 ||
-	    f->info.channels > SIZE_MAX / f->info.blocksize)
+	    spa_overflow_mul((size_t)f->info.channels, (size_t)f->info.blocksize, &buf_size))
 		return -EINVAL;
-	f->buffer = calloc(f->info.channels, f->info.blocksize);
+	f->buffer = calloc(1, buf_size);
 	if (f->buffer == NULL)
 		return -errno;