pipewire/spa/include/spa
Wim Taymans 9a4e0e4c85 security: fix format string vulnerability in hook.h example code
Input Validation: Low

The documentation example code in hook.h passed the msg parameter
directly as the format string to printf() and fprintf(). If copied
by developers, this pattern creates a format string vulnerability
where specially crafted msg content with format specifiers (%x, %n,
etc.) could read/write memory. Use "%s" as the format string and
pass msg as a data argument instead.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-29 11:33:44 +02:00
buffer buffer: update comment, we have flags now 2025-10-06 10:31:52 +02:00
control ump: make sure we set the group correctly 2025-08-29 16:59:38 +02:00
debug security: replace sprintf with snprintf in spa_debugc_mem 2026-04-29 11:33:25 +02:00
filter-graph *: don't include standard C headers inside of extern "C" 2025-05-30 09:48:28 +01:00
graph *: don't include standard C headers inside of extern "C" 2025-05-30 09:48:28 +01:00
interfaces/audio add per type API defines 2024-11-26 11:58:51 +01:00
monitor *: don't include standard C headers inside of extern "C" 2025-05-30 09:48:28 +01:00
node spa: node: io: fix typo in documentation 2025-07-23 21:26:29 +02:00
param spa: replace ECHRNG with EINVAL 2026-03-11 20:40:24 +00:00
pod spa: Do not perform upper range check on 32-bit platforms 2026-03-30 23:31:36 +02:00
support spa: system: make spa_poll_event compatible with epoll_events 2026-04-06 10:24:32 +00:00
utils security: fix format string vulnerability in hook.h example code 2026-04-29 11:33:44 +02:00