mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-05-03 06:47:04 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

security: fix division by zero in PulseAudio set_stream_buffer_attr

Browse source 
A client can create a stream with invalid sample_spec (rate=0) via
format_info negotiation, then send SET_STREAM_BUFFER_ATTR before
negotiation completes. fix_playback_buffer_attr divides by ss.rate,
crashing the daemon. Reject buffer attr changes on streams that
have not completed format negotiation.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Wim Taymans 2026-04-29 17:08:17 +02:00
parent cd7bb1e37d
commit d3e1be8b6e
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/modules/module-protocol-pulse/pulse-server.c
View file

@ -4593,7 +4593,7 @@ static int do_set_stream_buffer_attr(struct client *client, uint32_t command, ui
commands[command].name, tag, channel);
stream = pw_map_lookup(&client->streams, channel);
if (stream == NULL)
if (stream == NULL || stream->create_tag != SPA_ID_INVALID)
return -ENOENT;
if (command == COMMAND_SET_PLAYBACK_STREAM_BUFFER_ATTR) {