mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-02-06 04:06:36 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
Multimedia processing graphs
13108 commits 5 branches 153 tags 39 MiB
Find a file
Barnabás Pőcze 69dcc7db7b pipewire: context: pw_context_find_format(): fix stack use-after-free 
Since fc49c1697a ("context: improve negotiation") it is possible
that the out parameter `format` will be set to `filter`. However,
`filter` is a SPA POD from the local SPA POD builder `fb`, which
references the local buffer `fbuf`.

In those cases, if the callers then make use of the returned SPA POD,
a stack use-after-free happens, such as the one displayed below.

The issue could be reliably triggered by executing the `video-play`
example program, and then trying to use the same camera in firefox.
As seen below, the input node, firefox's, provides no format preference,
causing the output format to be used. Previously, this had led
to the use-after-free described above.

pw.link    | [impl-link.c: 130 link_update_state()] (46.0.1 -> 114.0.0) init -> negotiating (paused-configure)
pw.context | [  context.c: 935 pw_context_find_format()] 0x51e000000080: finding best format 3 1
pw.context | [  context.c: 943 pw_context_find_format()] 0x51e000000080: states 3 1
pw.context | [  context.c: 958 pw_context_find_format()] 0x51e000000080: Got output format:
pw.context | [  context.c: 959 pw_context_find_format()]  video/raw
pw.context | [  context.c: 959 pw_context_find_format()]            format : (Id) YUY2
pw.context | [  context.c: 959 pw_context_find_format()]              size : (Rectangle) 640x480
pw.context | [  context.c: 959 pw_context_find_format()]         framerate : (Fraction) 30/1
pw.context | [  context.c: 966 pw_context_find_format()] 0x51e000000080: no input format filter, using output format: Success
=================================================================
==418404==ERROR: AddressSanitizer: stack-use-after-return on address 0x73993ee46200 at pc 0x739941d31020 bp 0x7fff526b4670 sp 0x7fff526b4660
READ of size 4 at 0x73993ee46200 thread T0
    #0 0x739941d3101f in spa_pod_builder_raw ../spa/include/spa/pod/builder.h:150
    #1 0x739941d3b35d in do_negotiate ../src/pipewire/impl-link.c:294
    #2 0x739941d46214 in check_states ../src/pipewire/impl-link.c:727
    #3 0x739941f14405 in process_work_queue ../src/pipewire/work-queue.c:64
    #4 0x73993d0dbe99 in source_event_func ../spa/plugins/support/loop.c:894
    #5 0x73993d0d6881 in loop_iterate ../spa/plugins/support/loop.c:727
    #6 0x739941d76b05 in spa_loop_control_enter ../spa/include/spa/support/loop.h:264
    #7 0x739941d76d93 in spa_loop_control_leave ../spa/include/spa/support/loop.h:268
    #8 0x739941d78946 in pw_main_loop_quit ../src/pipewire/main-loop.c:109
    #9 0x5a64b3cb1cec in main ../src/daemon/pipewire.c:130
    #10 0x739940c34e07  (/usr/lib/libc.so.6+0x25e07) (BuildId: 98b3d8e0b8c534c769cb871c438b4f8f3a8e4bf3)
    #11 0x739940c34ecb in __libc_start_main (/usr/lib/libc.so.6+0x25ecb) (BuildId: 98b3d8e0b8c534c769cb871c438b4f8f3a8e4bf3)
    #12 0x5a64b3caf3b4 in _start (/pipewire/build/src/daemon/pipewire+0x173b4) (BuildId: f9e8403a377e28bf8bd9cf0a5b89d33f08499917)

Address 0x73993ee46200 is located in stack of thread T0 at offset 512 in frame
    #0 0x739941c6ed5e in pw_context_find_format ../src/pipewire/context.c:907

  This frame has 15 object(s):
    [...]
    [432, 480) 'fb' (line 911)
    [512, 4608) 'fbuf' (line 912) <== Memory access at offset 512 is inside this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-return ../spa/include/spa/pod/builder.h:150 in spa_pod_builder_raw
    [...]

Fixes: fc49c1697a ("context: improve negotiation")
2024-12-10 22:48:13 +01:00
.gitlab pipewire: remove cleanup.h 2024-05-16 17:35:58 +02:00
doc docs: update some LAC links 2024-12-03 13:25:29 +01:00
include/valgrind Fix typos 2024-05-22 09:19:34 +02:00
pipewire-alsa pass the right types to the methods 2024-11-20 10:17:37 +01:00
pipewire-jack pass the right types to the methods 2024-11-20 10:17:37 +01:00
pipewire-v4l2 pass the right types to the methods 2024-11-20 10:17:37 +01:00
po po: Update Swedish translation 2024-11-11 08:21:02 +00:00
spa filter-graph: add dcblock and ramp plugins 2024-12-09 15:00:35 +01:00
src pipewire: context: pw_context_find_format(): fix stack use-after-free 2024-12-10 22:48:13 +01:00
subprojects meson: Use correct git head for wireplumber subprojects 2024-10-23 08:37:51 -04:00
test Fix test-functional compilation by including necessary header 2024-09-23 08:09:45 +00:00
.codespell-ignore .codespell-ignore: update to current codebase 2021-10-07 15:26:18 +00:00
.editorconfig editorconfig: add xml files for the man pages 2021-05-20 07:34:17 +00:00
.gitattributes gitattributes: mark test/data/*.txt as text files 2024-05-05 15:17:39 +03:00
.gitignore aec-webrtc: Bump to webrtc-audio-processing-1 2023-09-06 09:31:06 +00:00
.gitlab-ci.yml ci: add elogind to alpine CI 2024-09-21 21:56:34 +00:00
autogen.sh Replace Pipewire with PipeWire for consistency 2021-07-14 16:56:54 +10:00
CODE_OF_CONDUCT.md Add a code of coduct 2019-11-08 13:57:36 +05:30
COPYING Relicense as MIT/X11 2018-11-05 17:48:52 +01:00
INSTALL.md INSTALL.md: Add WIREPLUMBER_DEBUG env variable 2024-01-01 18:30:19 +00:00
LICENSE 0.3.28 2021-05-19 10:11:36 +02:00
Makefile.in filter-chain: move the filter-graph to plugins 2024-11-13 11:12:06 +01:00
meson.build meson: move some filter-graph deps to spa 2024-12-09 11:30:04 +01:00
meson_options.txt filter-chain: add ebur128 filter 2024-12-09 11:31:33 +01:00
NEWS 1.2 2024-06-27 15:31:45 +02:00
pw-uninstalled.sh filter-chain: move the filter-graph to plugins 2024-11-13 11:12:06 +01:00
README.md env: PIPEWIRE_QUANTUM now uses FORCE_RATE and FORCE_QUANTUM 2023-10-10 15:10:19 +02:00
template.test.in Optionally install examples and tests 2020-06-16 17:58:02 +00:00

README.md

PipeWire

PipeWire is a server and user space API to deal with multimedia pipelines. This includes:

  • Making available sources of video (such as from a capture devices or application provided streams) and multiplexing this with clients.
  • Accessing sources of video for consumption.
  • Generating graphs for audio and video processing.

Nodes in the graph can be implemented as separate processes, communicating with sockets and exchanging multimedia content using fd passing.

Building and installation

The preferred way to install PipeWire is to install it with your distribution package system. This ensures PipeWire is integrated into the rest of your system for the best experience.

If you want to build and install PipeWire yourself, refer to install for instructions.

Usage

The most important purpose of PipeWire is to run your favorite apps.

Some applications use the native PipeWire API, such as most compositors (gnome-shell, wayland, ...) to implement screen sharing. These apps will just work automatically.

Most audio applications can use either ALSA, JACK or PulseAudio as a backend. PipeWire provides support for all 3 backends. Depending on how your distribution has configured things this should just work automatically or with the provided scripts shown below.

PipeWire can use environment variables to control the behaviour of applications:

  • PIPEWIRE_DEBUG=<level> to increase the debug level (or use one of XEWIDT for none, error, warnings, info, debug, or trace, respectively).
  • PIPEWIRE_LOG=<filename> to redirect log to filename
  • PIPEWIRE_LOG_SYSTEMD=false to disable logging to systemd journal
  • PIPEWIRE_LATENCY=<num/denom> to configure latency as a fraction. 10/1000 configures a 10ms latency. Usually this is expressed as a fraction of the samplerate, like 256/48000, which uses 256 samples at a samplerate of 48KHz for a latency of 5.33ms. This function does not attempt to configure the samplerate.
  • PIPEWIRE_RATE=<num/denom> to configure a rate for the graph.
  • PIPEWIRE_QUANTUM=<num/denom> to configure latency as a fraction and a samplerate. This function will force the graph samplerate to denom and force the specified num as the buffer size.
  • PIPEWIRE_NODE=<id> to request a link to the specified node. The id can be a node.name or object.serial of the target node.

Using tools

pw-cat can be used to play and record audio and midi. Use pw-cat -h to get some more help. There are some aliases like pw-play and pw-record to make things easier:

$ pw-play /home/wim/data/01.\ Firepower.wav

Running JACK applications

Depending on how the system was configured, you can either run PipeWire and JACK side-by-side or have PipeWire take over the functionality of JACK completely.

In dual mode, JACK apps will by default use the JACK server. To direct a JACK app to PipeWire, you can use the pw-jack script like this:

$ pw-jack <appname>

If you replaced JACK with PipeWire completely, pw-jack does not have any effect and can be omitted.

JACK applications will automatically use the buffer-size chosen by the server. You can force a maximum buffer size (latency) by setting the PIPEWIRE_LATENCY environment variable like so:

PIPEWIRE_LATENCY=128/48000 jack_simple_client

Requests the jack_simple_client to run with a buffer of 128 or less samples.

Running PulseAudio applications

PipeWire can run a PulseAudio compatible replacement server. You can't use both servers at the same time. Usually your package manager will make the server conflict so that you can only install one or the other.

PulseAudio applications still use the regular PulseAudio client libraries and you don't need to do anything else than change the server implementation.

A successful swap of the server can be verified by checking the output of

pactl info

It should include the string:

...
Server Name: PulseAudio (on PipeWire 0.3.x)
...

You can use pavucontrol to change profiles and ports, change volumes or redirect streams, just like with PulseAudio.

Running ALSA applications

If the PipeWire alsa module is installed, it can be seen with

$ aplay -L

ALSA applications can then use the pipewire: device to use PipeWire as the audio system.

Running GStreamer applications

PipeWire includes 2 GStreamer elements called pipewiresrc and pipewiresink. They can be used in pipelines such as this:

$ gst-launch-1.0 pipewiresrc ! videoconvert ! autovideosink

Or to play a beeping sound:

$ gst-launch-1.0 audiotestsrc ! pipewiresink

PipeWire provides a device monitor as well so that

$ gst-device-monitor-1.0

shows the PipeWire devices and applications like cheese will automatically use the PipeWire video source when possible.

Inspecting the PipeWire state

To inspect and manipulate the PipeWire graph via GUI, you can use Helvum.

Alternatively, you can use use one of the excellent JACK tools, such as Carla, catia, qjackctl, ... However, you will not be able to see all features like the video ports.

pw-mon dumps and monitors the state of the PipeWire daemon.

pw-dot can dump a graph of the pipeline, check out the help for how to do this.

pw-top monitors the real-time status of the graph. This is handy to find out what clients are running and how much DSP resources they use.

pw-dump dumps the state of the PipeWire daemon in JSON format. This can be used to find out the properties and parameters of the objects in the PipeWire daemon.

There is a more complicated tool to inspect the state of the server with pw-cli. This tool can be used interactively or it can execute single commands like this to get the server information:

$ pw-cli info 0

Documentation

Find tutorials and design documentation here.

The (incomplete) autogenerated API docs are here.

The Wiki can be found here

Contributing

PipeWire is Free Software and is developed in the open. It is mostly licensed under the MIT license. Check LICENSE for more details about the exceptions.

Contributors are encouraged to submit merge requests or file bugs on gitlab.

Join us on IRC at #pipewire on OFTC.

We adhere to the Contributor Covenant for our code of conduct.

Donate using Liberapay.

Getting help

You can ask for help on the IRC channel (see above). You can also ask questions by raising a gitlab issue.