security: validate sample rate in PulseAudio update_stream_sample_rate

The client-provided rate was used without validation. A zero or
excessively large rate produces extreme correction values passed
to pw_stream_set_control. Reject rates that are zero or exceed
RATE_MAX.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

src/modules/module-protocol-pulse/pulse-server.c

@@ -4684,6 +4684,9 @@ static int do_update_stream_sample_rate(struct client *client, uint32_t command,
 	if (stream == NULL || stream->type == STREAM_TYPE_UPLOAD)
 		return -ENOENT;
 
+	if (rate == 0 || rate > RATE_MAX)
+		return -EINVAL;
+
 	stream->rate = rate;
 
 	corr = (float)rate/(float)stream->ss.rate;