mirror of
https://gitlab.freedesktop.org/pipewire/pipewire.git
synced 2026-07-05 00:06:16 -04:00
security: fix unchecked alloca in pulse-server property list handling
Memory Safety: Medium fill_card_info() uses pi->n_props from port info for an alloca() without bounds checking. A card object with many port properties can similarly exhaust the stack. Add MAX_ALLOCA_SIZE checks consistent with the existing pattern to prevent stack overflow from large property counts. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
parent
42c0df1a47
commit
1302cbd08d
1 changed files with 2 additions and 1 deletions
|
|
@ -3650,7 +3650,8 @@ static int fill_card_info(struct client *client, struct message *m,
|
|||
|
||||
pi = &port_info[n];
|
||||
|
||||
if (pi->info && pi->n_props > 0) {
|
||||
if (pi->info && pi->n_props > 0 &&
|
||||
pi->n_props <= MAX_ALLOCA_SIZE / sizeof(*items)) {
|
||||
items = alloca(pi->n_props * sizeof(*items));
|
||||
pdict = collect_props(pi->info, &dict, items, pi->n_props);
|
||||
}
|
||||
|
|
|
|||
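Review bot: The added `pi->n_props <= MAX_ALLOCA_SIZE / sizeof(*items)` test bounds each `alloca()` on its own, but `pi = &port_info[n]` suggests this block runs once per port, and alloca memory is only released when fill_card_info() returns. If so, a card with many ports that each stay just under the limit can still add up to roughly the port count times MAX_ALLOCA_SIZE of stack, so the exhaustion the commit message describes is narrowed rather than closed. One option is to charge every allocation against a single budget, for example `pi->n_props <= (MAX_ALLOCA_SIZE - used) / sizeof(*items)` followed by `used += pi->n_props * sizeof(*items);`, or to use a heap buffer that is freed at the end of each iteration. When the limit is exceeded the branch is skipped silently and `pdict` keeps its earlier value, so a `pw_log_warn()` in an `else` would make the dropped properties visible. It is also worth confirming that `pdict` is reset for every port. The loop and the declarations of `items` and `pdict` are outside the hunk, so these points are inferred from the visible lines.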