mem: handle overflow in pw_map_range_init()

Integer overflows can cause map_range_init() to return a wrong offset
or size, which can result in access to invalid or unmapped memory.

Check for the overflows and return an EOVERFLOW error.

Found by Claude Code.
Wim Taymans 2026-04-08 09:45:28 +02:00
parent d7be4353ad
commit 1a3df16e27
6 changed files with 96 additions and 10 deletions

@ -2570,7 +2570,10 @@ static void *v4l2_mmap(void *addr, size_t length, int prot,
buf = &file->buffers[id];
data = &buf->buf->buffer->datas[0];
pw_map_range_init(&range, data->mapoffset, data->maxsize, 1024);
if (pw_map_range_init(&range, data->mapoffset, data->maxsize, 1024) < 0) {
res = MAP_FAILED;
goto error_unlock;
}
if (!SPA_FLAG_IS_SET(data->flags, SPA_DATA_FLAG_READABLE))
prot &= ~PROT_READ;
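
Review bot: The new failure branch in v4l2_mmap() throws away the return value of pw_map_range_init(), so the specific error (EOVERFLOW per the commit message) never reaches the caller. The branch only sets `res = MAP_FAILED` before `goto error_unlock`, and nothing in the visible lines sets errno. A caller of mmap() that sees MAP_FAILED will then read errno, so unless the error_unlock path already assigns it, the caller gets a stale value. Consider storing the return in a local, setting errno from its negated value before the goto, and adding a short comment that the check rejects mapoffset/maxsize combinations that overflow.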