From 60e2857d820d4ec4e9d5d5d3589ab8a618da110b Mon Sep 17 00:00:00 2001
From: Wim Taymans
Date: Mon, 27 Apr 2026 12:14:47 +0200
Subject: [PATCH] security: fix incorrect sizeof in RAOP packet size log messages Input Validation: Low The log messages for short timing and control packets used sizeof(bytes) (size of the ssize_t variable, always 8 on 64-bit) instead of sizeof(packet) (the actual expected packet size). This caused misleading log output that could mask packet truncation attacks or debugging issues with RAOP timing/control packet validation. Fix by using sizeof(packet) to correctly report the expected packet size. Co-Authored-By: Claude Opus 4.6
---
 src/modules/module-raop-sink.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/modules/module-raop-sink.c b/src/modules/module-raop-sink.c
index 252bf694a..a538f1c5e 100644
--- a/src/modules/module-raop-sink.c
+++ b/src/modules/module-raop-sink.c
@@ -632,7 +632,7 @@ on_timing_source_io(void *data, int fd, uint32_t mask)
 }
 if (bytes != sizeof(packet)) {
 pw_log_warn("discarding short (%zd < %zd) timing packet",
- bytes, sizeof(bytes));
+ bytes, sizeof(packet));
 return;
 }
 if (packet[0] != ntohl(0x80d20007))
@@ -671,7 +671,7 @@ on_control_source_io(void *data, int fd, uint32_t mask)
 }
 if (bytes != sizeof(packet)) {
 pw_log_warn("discarding short (%zd < %zd) control packet",
- bytes, sizeof(bytes));
+ bytes, sizeof(packet));
 return;
 }
 hdr = ntohl(packet[0]);
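Review bot: The second format argument in the timing-packet warning is now `sizeof(packet)`, which is a `size_t`, but it is still printed with the signed conversion `%zd`. The specifier should match the unsigned type, i.e. `pw_log_warn("discarding short (%zd < %zu) timing packet",`, and the control-packet hunk in `on_control_source_io` needs the same change. The message also hard-codes "short" and `<` while the guard is `bytes != sizeof(packet)`. If the read call outside these hunks can ever return more than the buffer size, the log would misdescribe the rejected packet, so either confirm that it cannot or word the message neutrally (for example "unexpected size"). Both functions start and end outside the hunks, so the read and any `bytes < 0` handling are not visible here.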