Memory Safety: Medium
In new_setup_simd(), the return value of malloc() for the PFFFT_Setup
struct was not checked before dereferencing. Similarly,
pffft_aligned_malloc() for the data buffer was not checked. If either
allocation fails, the code dereferences NULL causing a crash.
Add NULL checks for both allocations, freeing previously allocated
memory on failure.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Memory Safety: High
When parsing a DSF audio file, blocksize and channels are read as
uint32_t from untrusted file data and multiplied together for the
buffer allocation. A malicious file could set these to values whose
product overflows, resulting in a small allocation followed by
out-of-bounds writes when the buffer is filled.
Add overflow checking before the multiplication and validate that
neither value is zero. Also use calloc(channels, blocksize) instead
of calloc(1, blocksize * channels) to let calloc perform its own
internal overflow check.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Memory Safety: High
In rtsp_do_options_auth(), the return values of strdup() for
auth_method, realm, and nonce were not checked for NULL. If strdup()
fails due to memory exhaustion, spa_streq() on auth_method will
dereference NULL, and the realm/nonce pointers will be used later in
MD5_hash() causing NULL pointer dereferences.
Add NULL checks after each strdup() call, returning -ENOMEM on failure.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Memory Safety: High
In dot_data_init(), the return value of malloc() was not checked before
dereferencing, causing a NULL pointer dereference if allocation fails.
In dot_data_ensure_max_size(), the return value of realloc() was
assigned directly to dd->data without checking for NULL, which both
loses the original pointer (memory leak) and causes a NULL pointer
dereference on subsequent use.
Add NULL checks for both cases. For realloc, use a temporary variable
to preserve the original pointer on failure.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
There is nothing wrong with the use of strcat here but security tools
keep complaining about it and creating bad patches for it so fix it
with a strbuf.
Memory Safety: High
Three malloc calls for ring buffers (rec_buffer, play_buffer,
out_buffer) had no NULL checks. If any allocation fails, the
NULL pointers would be passed to memset and ringbuffer
operations in reset_buffers(), causing a NULL pointer
dereference crash.
Additionally, the ring size calculations used uint32_t
arithmetic which could overflow with large user-configurable
buffer.max_size values. Cast to size_t to perform the
multiplication in 64-bit, preventing intermediate overflow.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Memory Safety: Medium
strcpy was used to copy port names into fixed-size buffers
(REAL_JACK_PORT_NAME_SIZE+1) without explicit bounds checking.
Port names originate from JACK client API calls and PipeWire
port info, which are external inputs. Replaced with snprintf
using sizeof(destination) to guarantee the copy is always
bounded, preventing potential buffer overflows if source
strings exceed the expected maximum length.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Memory Safety: Low
sprintf was used to format a temporary filename into an alloca'd
buffer. While the buffer was correctly sized (strlen + 5), using
snprintf with an explicit size makes the bound check enforceable
and prevents potential overflow if the sizing logic is modified
in the future.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Memory Safety: Low
sprintf was used to format MD5 hex digest bytes into a fixed-size
buffer without explicit bounds. While the output is bounded by the
fixed MD5 digest length (16 bytes = 32 hex chars), using snprintf
with an explicit size of 3 (2 hex chars + null) ensures correctness
even if the surrounding code changes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Memory Safety: Medium
sprintf was used to format a /proc path without bounds checking.
While pid_t values are practically bounded, using snprintf with
sizeof(root_path) ensures the buffer cannot overflow regardless
of the input value, following defense-in-depth principles.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Shuffle FFT output into real/imag blocks so that they are easier to
handle in the complex multiply. Do the unshuffle again before doing the
inverse FFT.
When streams are skipped via continue in updateDescriptors(),
the loop index i and descriptorSetLen diverge. The image info
is written at descriptorSetLen but pImageInfo was referencing
index i, pointing to uninitialized memory and causing incorrect
Vulkan descriptor updates.
Fix by using descriptorSetLen consistently.
Signed-off-by: Wang Yu <wangyu@uniontech.com>
We don't need 2 convolvers anymore, we can use the same convolver with
2 outputs with the left and right ir.
Add latency option to the sofa plugin. I believe the latency of the
SOFA filters is by default 0, so use that.
Add support for multiple convolver outputs. This makes things more
efficient because we only need to do the input FFT once to produce the N
outputs.
Add convolver2 that can have multiple outputs.
port_use_buffers and related port methods increment port_id when the
implicit output direction differs from the adapter's primary direction.
port_reuse_buffer only receives a port id but applies to output ports,
so apply the same offset before forwarding to this->target.
Also update videoadapter for the same mapping.
MT7925 fails to setup a SCO connection that results to working LC3-24kHz
audio. Other controllers (Intel etc) appear to work OK.
Add quirk for disabling this codec, and disable it for this Mediatek
controller.
We need to deactivate the graph when the format was cleared on both the
input and output. This means we got suspended and we need to clear. We
can safely do this now because we take the right locks.
SF_FORMAT_WAVEX is not supported to SF_ENDIAN_CPU. Due to that, unable
to record in .wav file (for > 2 channels). Add case for SF_FORMAT_WAVEX
to get assign SF_ENDIAN_FILE.
Fixes#5233
The DSP port type needs to be something else than "other" for it
to become visible. This way we can also remove the IS_VISIBLE check
because we never add invisible ports to the object list.
