mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-05-03 06:47:04 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

security: reject zero-channel volume in PulseAudio message parsing

Browse source 
read_cvolume accepted channels=0, creating a degenerate zero-length
volume array that is passed to pw_stream_set_control and SPA pod
building. Reject zero channels alongside the existing CHANNELS_MAX
upper bound check.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Wim Taymans 2026-04-29 17:23:43 +02:00
parent 807b93fb05
commit bc4e1a989c
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/modules/module-protocol-pulse/message.c
View file

@ -215,7 +215,7 @@ static int read_cvolume(struct message *m, struct volume *vol)
if ((res = read_u8(m, &vol->channels)) < 0) if ((res = read_u8(m, &vol->channels)) < 0)
return res; return res;
if (vol->channels > CHANNELS_MAX) if (vol->channels == 0 || vol->channels > CHANNELS_MAX)
return -EINVAL; return -EINVAL;
for (i = 0; i < vol->channels; i ++) { for (i = 0; i < vol->channels; i ++) {
if ((res = read_volume(m, &vol->values[i])) < 0) if ((res = read_volume(m, &vol->values[i])) < 0)