pipewire

mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2025-10-31 22:25:38 -04:00

Demi Marie Obenour 0227a30bcf spa: Bounds-check pointers before dereferencing them Add a new overflow-safe function to check if region p2 of size s2 fits completely in p1 of size s1 and, if it does, return the amount of bytes in p1 that come after the end of p2. Use this to bounds check the pod iterators while ensuring that the pointer is bounds checked before being dereferenced. The spa_pod*_next() functions can still create an out-of-bounds pointer, but this will not be dereferenced. Fixing this requires either additional complexity in these functions or forbidding POD structs, objects, and sequences that have a length that is not a multiple of 8 bytes. Fixes: `92ac9a355f` ("spa: add spa_ptrinside") Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>	2023-12-26 16:05:24 +00:00
..
spa	spa: Bounds-check pointers before dereferencing them	2023-12-26 16:05:24 +00:00
meson.build	spa: expose utils/cleanup.h for external users	2023-10-11 19:56:11 +02:00

Demi Marie Obenour 0227a30bcf spa: Bounds-check pointers before dereferencing them

Add a new overflow-safe function to check if region p2 of size s2 fits
completely in p1 of size s1 and, if it does, return the amount of bytes
in p1 that come after the end of p2.  Use this to bounds check the pod
iterators while ensuring that the pointer is bounds checked before being
dereferenced.

The spa_pod*_next() functions can still create an out-of-bounds pointer,
but this will not be dereferenced.  Fixing this requires either
additional complexity in these functions or forbidding POD structs,
objects, and sequences that have a length that is not a multiple of 8
bytes.

Fixes: 92ac9a355f ("spa: add spa_ptrinside")
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>

2023-12-26 16:05:24 +00:00

spa spa: Bounds-check pointers before dereferencing them 2023-12-26 16:05:24 +00:00

meson.build spa: expose utils/cleanup.h for external users 2023-10-11 19:56:11 +02:00