mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-05-03 06:47:04 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

security: fix integer overflow in netjack2 opus encoded size calculation

Browse source 
Cast the denominator to uint64_t to prevent sample_rate * 8 from
overflowing uint32_t, which could produce a tiny denominator and
an inflated max_encoded_size.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Wim Taymans 2026-04-29 12:39:37 +02:00
parent be4fe881e3
commit 7dee2c158f
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/modules/module-netjack2/peer.c
View file

@ -173,7 +173,7 @@ static int netjack2_init(struct netjack2_peer *peer)
goto error_errno;
}
peer->max_encoded_size = ((uint64_t)peer->params.kbps * peer->params.period_size * 1024) /
(peer->params.sample_rate * 8) + sizeof(uint16_t);
((uint64_t)peer->params.sample_rate * 8) + sizeof(uint16_t);
if (spa_overflow_mul(peer->max_encoded_size, max_audio_ch, &peer->encoded_size)) {
errno = EINVAL;
goto error_errno;