mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-05-03 06:47:04 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

security: validate opus encoded length in netjack2 recv

Browse source 
Validate that the encoded length from the network does not exceed
the available encoded data region before passing it to the opus
decoder.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Wim Taymans 2026-04-29 12:37:55 +02:00
parent 3a77f9c28a
commit be4fe881e3
1 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/modules/module-netjack2/peer.c
View file

@ -967,14 +967,18 @@ static int netjack2_recv_opus(struct netjack2_peer *peer, struct nj2_packet_head
for (i = 0; i < active_ports; i++) {
uint16_t *ap = SPA_PTROFF(encoded_data, i * max_encoded, uint16_t);
uint16_t encoded_len = ntohs(ap[0]);
void *pcm;
int res;
if (i >= n_info || (pcm = info[i].data) == NULL)
continue;
if (encoded_len > max_encoded - sizeof(uint16_t))
continue;
res = opus_custom_decode_float(peer->opus_dec[i],
(unsigned char*)&ap[1], ntohs(ap[0]),
(unsigned char*)&ap[1], encoded_len,
pcm, peer->sync.frames);
if (res < 0 || res > 0xffff || res != peer->sync.frames)