From 6cee86e509d721b4cc96a1dfed8e76933a68cdf6 Mon Sep 17 00:00:00 2001 From: Wim Taymans Date: Fri, 8 May 2026 10:33:39 +0200 Subject: [PATCH] sendspin: avoid buffer overread Check that we have enough bytes (>=9) to parse the message type and the timestamp. --- src/modules/module-sendspin-recv.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/modules/module-sendspin-recv.c b/src/modules/module-sendspin-recv.c index f76bfde6d..796520ce8 100644 --- a/src/modules/module-sendspin-recv.c +++ b/src/modules/module-sendspin-recv.c @@ -876,9 +876,14 @@ static int do_handle_binary(struct client *client, const uint8_t *payload, int s { struct impl *impl = client->impl; int32_t filled; - uint32_t index, length = size - 9; + uint32_t index, length; uint64_t timestamp; + if (size < 9) + return 0; + + length = size - 9; + if (payload[0] != 4 || client->stream == NULL) return 0;