mem: handle overflow in pw_map_range_init()

Integer overflows can cause map_range_init() to return a wrong offset
or size, which can result in access to invalid or unmapped memory.

Check for the overflows and return an EOVERFLOW error.

Found by Claude Code.
Wim Taymans 2026-04-08 09:45:28 +02:00
parent 6c00e598e5
commit 1ac706c3bc
6 changed files with 96 additions and 10 deletions

@ -2570,7 +2570,10 @@ static void *v4l2_mmap(void *addr, size_t length, int prot,
buf = &file->buffers[id];
data = &buf->buf->buffer->datas[0];
pw_map_range_init(&range, data->mapoffset, data->maxsize, 1024);
if (pw_map_range_init(&range, data->mapoffset, data->maxsize, 1024) < 0) {
res = MAP_FAILED;
goto error_unlock;
}
if (!SPA_FLAG_IS_SET(data->flags, SPA_DATA_FLAG_READABLE))
prot &= ~PROT_READ;
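
Review bot: The new error branch in v4l2_mmap() sets res = MAP_FAILED and jumps to error_unlock, but the value returned by pw_map_range_init() is discarded and nothing in the visible lines sets errno. Callers of an mmap-style function read errno when they get MAP_FAILED, so unless the error_unlock path already sets it, they would see a stale value instead of the overflow error. Consider keeping the return value in a local and assigning its negation to errno before the goto, so the EOVERFLOW named in the commit message reaches the caller. A short comment noting that mapoffset and maxsize come from the buffer data and may not be trustworthy would also explain why the check is needed here.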