mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-05-04 06:46:24 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

pod: check that padding is zeroed

Browse source 
This checks that padding is zeroed in the SPA POD parser.  Non-zero
padding is likely an indicator of a bug in the sender, especially one
that leaks uninitialized memory.
This commit is contained in:
Demi Marie Obenour 2024-08-18 19:50:44 -04:00
parent eec1ac20b7
commit 340ec2464e
1 changed files with 7 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

7
spa/include/spa/pod/parser.h
View file

@ -80,9 +80,14 @@ spa_pod_parser_deref(struct spa_pod_parser *parser, uint32_t offset, uint32_t si
* to the next multiple of 8) is in bounds. * to the next multiple of 8) is in bounds.
*/ */
if (SPA_IS_ALIGNED(pod, SPA_POD_ALIGN) && if (SPA_IS_ALIGNED(pod, SPA_POD_ALIGN) &&
long_offset + SPA_ROUND_UP_N((uint64_t)SPA_POD_BODY_SIZE(pod), SPA_POD_ALIGN) <= size) long_offset + SPA_ROUND_UP_N((uint64_t)SPA_POD_BODY_SIZE(pod), SPA_POD_ALIGN) <= size) {
uint64_t zero = 0;
size_t padding = SPA_POD_BODY_SIZE(pod) & 7;
if (padding == 0 ||
memcmp(SPA_PTROFF(pod, SPA_POD_SIZE(pod), void), &zero, 8 - padding) == 0)
return (struct spa_pod *)pod; return (struct spa_pod *)pod;
} }
}
return NULL; return NULL;
} }