mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-04-29 06:46:38 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
pipewire/spa
History
Wim Taymans 06421554d3 security: cap alloca size in JSON-to-POD string conversion 
Memory Safety: Medium

spa_json_to_pod_part() uses alloca(len+1) to allocate a stack buffer
for JSON string values, where len comes from the JSON parser. Since
this function is recursive (for nested JSON objects/arrays), a
crafted JSON document with large string values can cause stack
exhaustion through unbounded alloca calls.

Add a size check capping the alloca to 8192 bytes, which is generous
for all legitimate PipeWire configuration values (type names, IDs,
property strings) while preventing stack overflow from malicious or
malformed JSON input.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-28 11:52:41 +02:00
..
examples spa: examples: fix getopt usage + typos in adapter-control 2025-10-26 14:12:19 +00:00
include security: cap alloca size in JSON-to-POD string conversion 2026-04-28 11:52:41 +02:00
include-private/spa-private spa: move dbus helpers out of bluez plugin 2024-02-05 13:03:20 +00:00
lib spa: update lib.c 2026-03-09 18:33:32 +01:00
plugins security: add bounds check for exec argv array in filter-graph 2026-04-28 10:41:34 +02:00
tests spa/tests: remove unused #include <linux/limits.h> 2026-03-11 21:50:21 +00:00
tools tools: port various tools to the new json-builder 2026-02-26 10:51:17 +01:00
meson.build meson: Always use -fno-strict-aliasing and -fno-strict-overflow 2025-07-24 07:30:28 +00:00