security: replace atoi() with spa_atou32() for RTP session parameters

Input Validation: Medium

The RTP-SAP module used atoi() to parse rtp.rate, rtp.channels,
rtp.ssrc, and rtp.ts-offset properties into uint32_t fields. atoi()
returns int, which has undefined behavior on overflow and silently
converts negative values. When assigned to uint32_t, a negative result
wraps to a large value.

These properties can originate from received SDP announcements over the
network. Replaced with spa_atou32() which properly validates the input
and rejects non-numeric or out-of-range values. This is consistent with
how the same function already handles rtp.framecount using spa_atou32().

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

src/modules/module-rtp-sap.c

@@ -1191,15 +1191,19 @@ static struct session *session_new_announce(struct impl *impl, struct node *node
 	replace_str(&sdp->mime_type, str);
 
 	if ((str = pw_properties_get(props, "rtp.rate")) != NULL)
-		sdp->rate = atoi(str);
+		if (!spa_atou32(str, &sdp->rate, 0))
+			sdp->rate = 0;
 	if ((str = pw_properties_get(props, "rtp.channels")) != NULL)
-		sdp->channels = atoi(str);
+		if (!spa_atou32(str, &sdp->channels, 0))
-	if ((str = pw_properties_get(props, "rtp.ssrc")) != NULL)
+			sdp->channels = 0;
-		sdp->ssrc = atoi(str);
+	if ((str = pw_properties_get(props, "rtp.ssrc")) != NULL) {
-	else
+		if (!spa_atou32(str, &sdp->ssrc, 0))
+			sdp->ssrc = 0;
+	} else
 		sdp->ssrc = 0;
 	if ((str = pw_properties_get(props, "rtp.ts-offset")) != NULL)
-		sdp->ts_offset = atoi(str);
+		if (!spa_atou32(str, &sdp->ts_offset, 0))
+			sdp->ts_offset = 0;
 	str = pw_properties_get(props, "rtp.ts-refclk");
 	replace_str(&sdp->ts_refclk, str);