security: fix unchecked alloca in pulse-server property list handling
Memory Safety: Medium

fill_card_info() uses pi->n_props from port info for an alloca() without bounds checking. A card object with many port properties can similarly exhaust the stack.

Add MAX_ALLOCA_SIZE checks consistent with the existing pattern to prevent stack overflow from large property counts.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
parent
42c0df1a47
commit
1302cbd08d
1 changed files with 2 additions and 1 deletions
|
|
@ -3650,7 +3650,8 @@ static int fill_card_info(struct client *client, struct message *m,
|
||||||
|
|
||||||
pi = &port_info[n];
|
pi = &port_info[n];
|
||||||
|
|
||||||
if (pi->info && pi->n_props > 0) {
|
if (pi->info && pi->n_props > 0 &&
|
||||||
|
pi->n_props <= MAX_ALLOCA_SIZE / sizeof(*items)) {
|
||||||
items = alloca(pi->n_props * sizeof(*items));
|
items = alloca(pi->n_props * sizeof(*items));
|
||||||
pdict = collect_props(pi->info, &dict, items, pi->n_props);
|
pdict = collect_props(pi->info, &dict, items, pi->n_props);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
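Review bot: The new bound on `pi->n_props` limits each single `alloca()` but not their sum: alloca memory is released only when fill_card_info() returns, and the `port_info[n]` indexing suggests this runs once per port in a loop that lies outside the hunk. If so, a card with many ports that each stay just under the limit can still consume a multiple of MAX_ALLOCA_SIZE of stack. Consider tracking the bytes already taken and checking `pi->n_props <= (MAX_ALLOCA_SIZE - used) / sizeof(*items)` followed by `used += pi->n_props * sizeof(*items);`, or moving the items array to the heap. Ports over the limit now silently skip collect_props(), so a warning log on that path would make the dropped properties visible when diagnosing a misbehaving or hostile card object.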