pipewire

mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-05-03 06:47:04 -04:00

Wim Taymans 9a4e0e4c85 security: fix format string vulnerability in hook.h example code Input Validation: Low The documentation example code in hook.h passed the msg parameter directly as the format string to printf() and fprintf(). If copied by developers, this pattern creates a format string vulnerability where specially crafted msg content with format specifiers (%x, %n, etc.) could read/write memory. Use "%s" as the format string and pass msg as a data argument instead. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-29 11:33:44 +02:00
..
spa	security: fix format string vulnerability in hook.h example code	2026-04-29 11:33:44 +02:00
meson.build	spa: expose utils/cleanup.h for external users	2023-10-11 19:56:11 +02:00

Wim Taymans 9a4e0e4c85 security: fix format string vulnerability in hook.h example code

Input Validation: Low

The documentation example code in hook.h passed the msg parameter
directly as the format string to printf() and fprintf(). If copied
by developers, this pattern creates a format string vulnerability
where specially crafted msg content with format specifiers (%x, %n,
etc.) could read/write memory. Use "%s" as the format string and
pass msg as a data argument instead.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-04-29 11:33:44 +02:00

spa

security: fix format string vulnerability in hook.h example code

2026-04-29 11:33:44 +02:00

meson.build

spa: expose utils/cleanup.h for external users

2023-10-11 19:56:11 +02:00