From cff8ac0cab3efc8aa1e65e1e2a5cd557776b85ee Mon Sep 17 00:00:00 2001
From: Wim Taymans
Date: Mon, 29 Nov 2021 10:42:02 +0100
Subject: [PATCH] client-node: improve memory checks
For MemPtr memory, we use the fd of the buffer metadata and chunk info. Check that the memory is also in this block. Check that all the memory of the buffer fits in the memory block. See #1859
---
 src/modules/module-client-node/client-node.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/modules/module-client-node/client-node.c b/src/modules/module-client-node/client-node.c
index 6ef861d96..8702ce5dc 100644
--- a/src/modules/module-client-node/client-node.c
+++ b/src/modules/module-client-node/client-node.c
@@ -810,9 +810,15 @@ do_port_use_buffers(struct impl *impl,
 }
 for (j = 0; j < buffers[i]->n_datas; j++) {
 struct spa_data *d = buffers[i]->datas;
- if (d->type == SPA_DATA_MemPtr)
- endptr = SPA_PTROFF(d->data, d->maxsize, void);
+ if (d->type == SPA_DATA_MemPtr) {
+ if ((m = pw_mempool_find_ptr(impl->context->pool, d->data)) == NULL ||
+ m != mem)
+ return -EINVAL;
+ endptr = SPA_MAX(endptr, SPA_PTROFF(d->data, d->maxsize, void));
+ }
 }
+ if (endptr > SPA_PTROFF(baseptr, mem->size, void))
+ return -EINVAL;
 m = pw_mempool_import_block(this->client->pool, mem);
 if (m == NULL)
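Review bot: The added block and bounds checks only ever look at the first `spa_data` of each buffer, because inside the `j` loop `d` is assigned `buffers[i]->datas`, which does not depend on `j`. The `pw_mempool_find_ptr` test and the `endptr` accumulation therefore run `n_datas` times on entry 0, and any MemPtr entries after it are never checked against `mem`; the context line should read `struct spa_data *d = &buffers[i]->datas[j];`. The final comparison would also be sturdier as an offset-plus-length check against `mem->size`, since `SPA_PTROFF(d->data, d->maxsize, void)` forms the end pointer before anything bounds `maxsize`. `do_port_use_buffers` starts and ends outside the hunk, so whether the new early `return -EINVAL` paths skip cleanup of earlier iterations cannot be confirmed from here.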