mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-04-29 06:46:38 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
pipewire/src/modules/module-protocol-pulse
History
Wim Taymans 8d352fe52e security: fix integer overflow in PulseAudio message buffer allocation 
Memory Safety: High

In ensure_size(), the check `m->length + size <= m->allocated` could
overflow when both m->length and size are large uint32_t values,
wrapping around to a small number and incorrectly passing the bounds
check. This could allow writing past the end of the allocated buffer.

Rewrite the check as `size <= m->allocated - m->length` which cannot
overflow since we already verified m->length <= m->allocated. Also add
an explicit overflow check for the new allocation size calculation.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-23 17:46:47 +02:00
..
modules zeroconf: sanitize the properties 2026-02-27 17:31:42 +01:00
client.c loop: spa_loop_invoke -> spa_loop_locked where possible 2025-05-30 11:59:35 +02:00
client.h pipewire-pulse: Expose bluetooth headset autoswitch config as a message 2026-01-26 14:44:30 -08:00
cmd.c pulse-server: fix pulse.cmd load-module not loading multiple overrides 2024-11-28 19:34:22 +00:00
cmd.h treewide: use SPDX tags to specify copyright information 2023-02-16 10:54:48 +00:00
collect.c pulse-server: Fix missing subscription events on device port changes 2025-11-03 15:31:15 +00:00
collect.h pulse-server: add stream/device state in dev_info 2023-11-20 11:39:31 +01:00
commands.h treewide: use SPDX tags to specify copyright information 2023-02-16 10:54:48 +00:00
dbus-name.c treewide: use SPDX tags to specify copyright information 2023-02-16 10:54:48 +00:00
dbus-name.h treewide: use SPDX tags to specify copyright information 2023-02-16 10:54:48 +00:00
defs.h pulse-server: use timeout also for creating sample-play streams 2026-02-02 11:25:01 +00:00
extension.c pulse-server: move extension to modules 2024-01-23 13:31:05 +01:00
extension.h pulse-server: move extension to modules 2024-01-23 13:31:05 +01:00
format.c spa: remove some obsolete functions 2025-10-24 09:35:59 +02:00
format.h format: Add support for sample rate of 1.536 Mhz 2026-01-09 01:16:30 +01:00
internal.h pulse-server: use the new timer-queue for timeouts 2025-09-18 13:55:43 +02:00
log.h treewide: use SPDX tags to specify copyright information 2023-02-16 10:54:48 +00:00
manager.c pulse-server: disconnect from server on EPROTO 2026-02-02 11:16:15 +00:00
manager.h *: don't include standard C headers inside of extern "C" 2025-05-30 09:48:28 +01:00
message-handler.c pulse-server: use null to clear the value 2026-01-27 10:17:34 +01:00
message-handler.h treewide: use SPDX tags to specify copyright information 2023-02-16 10:54:48 +00:00
message.c security: fix integer overflow in PulseAudio message buffer allocation 2026-04-23 17:46:47 +02:00
message.h pulse-server: message: use union to store event data 2024-05-15 08:31:40 +00:00
module.c spa: remove some obsolete functions 2025-10-24 09:35:59 +02:00
module.h pulse-server: add a pipewire-pulse:list-modules message 2025-09-26 10:55:10 +02:00
operation.c treewide: use SPDX tags to specify copyright information 2023-02-16 10:54:48 +00:00
operation.h pulse-server: add operation_free_by_tag() 2023-05-10 18:57:20 +00:00
pending-sample.c pulse-server: pending-sample: handle client disconnection correctly 2023-05-10 18:57:20 +00:00
pending-sample.h pulse-server: pending-sample: handle client disconnection correctly 2023-05-10 18:57:20 +00:00
pulse-server.c pulse-server: update initial stream is_paused state 2026-04-15 18:25:28 +02:00
pulse-server.h *: don't include standard C headers inside of extern "C" 2025-05-30 09:48:28 +01:00
quirks.c pulse-server: add quirk to block record and playback streams 2024-09-23 10:56:40 +02:00
quirks.h pulse-server: add quirk to block record and playback streams 2024-09-23 10:56:40 +02:00
remap.c treewide: use SPDX tags to specify copyright information 2023-02-16 10:54:48 +00:00
remap.h treewide: use SPDX tags to specify copyright information 2023-02-16 10:54:48 +00:00
reply.c pulse-server: include "reply.h" in "reply.h" 2023-07-03 19:40:31 +02:00
reply.h treewide: use SPDX tags to specify copyright information 2023-02-16 10:54:48 +00:00
sample-play.c pulse-server: use timeout also for creating sample-play streams 2026-02-02 11:25:01 +00:00
sample-play.h pulse-server: use timeout also for creating sample-play streams 2026-02-02 11:25:01 +00:00
sample.c treewide: use SPDX tags to specify copyright information 2023-02-16 10:54:48 +00:00
sample.h treewide: use SPDX tags to specify copyright information 2023-02-16 10:54:48 +00:00
server.c module-protocol-native: Fix socket activation 2026-03-02 10:28:26 +01:00
server.h treewide: use SPDX tags to specify copyright information 2023-02-16 10:54:48 +00:00
snap-policy.c *: unify config.h handling 2025-05-30 10:24:13 +00:00
snap-policy.h Replace even more spaces with tabs 2024-01-12 11:35:17 +00:00
stream.c pulse-server: use timeout also for creating sample-play streams 2026-02-02 11:25:01 +00:00
stream.h pulse-server: clear timer when stream is created 2025-09-18 14:22:00 +02:00
utils.c security: fix unbounded sprintf in check_flatpak 2026-04-23 16:24:46 +02:00
utils.h protocol-pulse: implement readiness notification 2024-10-22 09:50:27 +02:00
volume.c spa: add spa_audio_parse_position_n 2025-10-21 09:59:13 +02:00
volume.h treewide: use SPDX tags to specify copyright information 2023-02-16 10:54:48 +00:00