protocol-native: check msg fds against available fds

Check that the number of fds for the message does not exceed the number
of received fds with SCM_RIGHTS.

The check was simply doing an array bounds check. This could still lead
to out-of-sync fds or usage of uninitialized/invalid fds when the
message header claims more fds than were passed with SCM_RIGHTS.

Found by Claude Code.
This commit is contained in:
Wim Taymans 2026-04-07 18:20:26 +02:00
parent 247918339e
commit c9ecbf9fab

@ -536,7 +536,7 @@ static int prepare_packet(struct pw_protocol_native_connection *conn, struct buf
size -= impl->hdr_size; size -= impl->hdr_size;
buf->msg.fds = &buf->fds[buf->fds_offset]; buf->msg.fds = &buf->fds[buf->fds_offset];
if (buf->msg.n_fds + buf->fds_offset > MAX_FDS) if (buf->msg.n_fds + buf->fds_offset > buf->n_fds)
return -EPROTO; return -EPROTO;
if (size < len) if (size < len)
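
Review bot: in the changed comparison in prepare_packet(), the sum `buf->msg.n_fds + buf->fds_offset` includes a count that the commit message says comes from the message header, and if the operands are fixed-width unsigned integers (their types are not visible in this hunk) an oversized n_fds could wrap the sum and pass the check. Consider the subtraction form instead, for example `buf->fds_offset > buf->n_fds || buf->msg.n_fds > buf->n_fds - buf->fds_offset`. The change also drops the MAX_FDS comparison, so the bound on the `buf->fds[]` index now depends on buf->n_fds never exceeding the array size; a short comment naming where that invariant is enforced would make the check easier to audit. Separately, `buf->msg.fds` is assigned before the check and stays pointing past the valid fds on the -EPROTO path, so it may be worth moving the assignment below the check unless callers are known to ignore msg.fds on error.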