mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-04-29 06:46:38 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
pipewire/spa/plugins
History
Wim Taymans 1de8615caf security: fix missing NULL check and integer overflow in AVB ringbuffer 
Memory Safety: Medium

The AVB PCM ringbuffer allocation used calloc(1, size * 4) which has
two issues: the multiplication can overflow for large ringbuffer_size
values (derived from quantum_limit config parameter), and the return
value was never checked for NULL.

Fixed by using calloc(size, 4) which lets calloc check for overflow
internally, and added a NULL check for the allocation result.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-28 13:05:09 +02:00
..
aec spa: aec: Add some channel config validation 2026-03-17 12:06:25 +00:00
alsa security: add missing O_CLOEXEC/SOCK_CLOEXEC flags 2026-04-28 12:20:33 +02:00
audioconvert channelmix: add SEE 7p1 to stereo downmix 2026-04-27 15:59:38 +02:00
audiomixer audiomixer: rate limit the "out of buffers" debug 2026-04-28 10:34:39 +02:00
audiotestsrc spa: do not use SPA_PROP_live 2026-03-27 18:03:24 +01:00
avb security: fix missing NULL check and integer overflow in AVB ringbuffer 2026-04-28 13:05:09 +02:00
bluez5 security: reject negative DBus array lengths in Bluetooth transport 2026-04-27 11:04:52 +02:00
control mixer: handle control.ump property 2026-03-25 11:59:43 +01:00
ffmpeg spa: use log topics everywhere 2024-03-11 18:45:21 +02:00
filter-graph security: add missing NULL checks after calloc in filter-graph 2026-04-28 13:02:50 +02:00
jack *: don't include standard C headers inside of extern "C" 2025-05-30 09:48:28 +01:00
libcamera spa: libcamera: use std::span 2026-03-27 09:57:56 +01:00
support security: add missing O_CLOEXEC/SOCK_CLOEXEC flags 2026-04-28 12:20:33 +02:00
test spa: do not use SPA_PROP_live 2026-03-27 18:03:24 +01:00
v4l2 security: add missing O_CLOEXEC flag to V4L2 device open 2026-04-28 12:56:40 +02:00
videoconvert overflow: fix some more potential overflows 2026-04-27 12:29:31 +02:00
videotestsrc spa: do not use SPA_PROP_live 2026-03-27 18:03:24 +01:00
volume treewide: access the position information using helpers 2025-10-21 13:06:25 +02:00
vulkan vulkan: fix wrong descriptor image info index 2026-04-21 15:13:03 +00:00
meson.build spa/plugins: revert "Disable alsa plugin on !Linux platforms." 2026-03-12 09:20:05 +00:00