security: add total sample cache size limit in PulseAudio protocol

There was no limit on the total size of the sample cache. A client
could upload many samples to exhaust server memory. Add a configurable
pulse.max-sample-cache property (default 64MB) to cap the total size
of all cached samples.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Wim Taymans 2026-04-29 16:39:57 +02:00
parent 37990b5e90
commit 52afec565b
5 changed files with 18 additions and 0 deletions


@ -2413,6 +2413,12 @@ static int do_finish_upload_stream(struct client *client, uint32_t command, uint
channel, name);
struct sample *old = find_sample(impl, SPA_ID_INVALID, name);
uint32_t new_length = stream->attr.maxlength;
uint32_t old_length = old != NULL ? old->length : 0;
if (impl->stat.sample_cache + new_length - old_length > impl->defs.max_sample_cache) {
res = -ENOSPC;
goto error;
}
if (old == NULL || old->ref > 1) {
sample = calloc(1, sizeof(*sample));
if (sample == NULL)
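Review bot: The new limit check `impl->stat.sample_cache + new_length - old_length > impl->defs.max_sample_cache` can wrap if `stat.sample_cache` is a `uint32_t` like the two locals (its declaration is not in the hunk), and a wrapped sum would pass the comparison when `pulse.max-sample-cache` is configured close to UINT32_MAX. `new_length` is taken from `stream->attr.maxlength`, which appears to be client-influenced unless it is clamped earlier, outside this hunk. Widening the expression keeps the check fail-closed: `if ((uint64_t)impl->stat.sample_cache - old_length + new_length > impl->defs.max_sample_cache) {`. Separately, the `old->ref > 1` branch below allocates a new sample while the old one stays referenced, so subtracting `old_length` may understate live memory on that path; do_finish_upload_stream continues outside the hunk, so this needs checking against the accounting code.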
@ -5606,6 +5612,7 @@ static void load_defaults(struct defs *def, struct pw_properties *props)
parse_position(props, "pulse.default.position", DEFAULT_POSITION, &def->channel_map);
parse_uint32(props, "pulse.idle.timeout", DEFAULT_IDLE_TIMEOUT, &def->idle_timeout);
parse_uint32(props, "pulse.max-streams", SPA_STRINGIFY(MAX_STREAMS), &def->max_streams);
parse_uint32(props, "pulse.max-sample-cache", SPA_STRINGIFY(MAX_SAMPLE_CACHE), &def->max_sample_cache);
def->sample_spec.channels = def->channel_map.channels;
def->quantum_limit = 8192;
}
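Review bot: The added `parse_uint32(props, "pulse.max-sample-cache", ...)` line in load_defaults gives no hint of the unit or of the edge values an administrator might set. Going by the check in do_finish_upload_stream, the value is compared against sample lengths in bytes, and a setting of 0 would refuse any upload that grows the cache. A one-line comment above the call would record that, for example `/* total sample cache cap in bytes; 0 refuses any upload that grows the cache */`. Whether parse_uint32 rejects malformed or out-of-range strings is not visible here, so the comment should not promise validation.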