mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-04-29 06:46:38 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
pipewire/src/modules/module-vban
History
Wim Taymans 328ab5a611 security: validate VBAN MIDI variable-length integers to prevent overflow 
Memory Safety: High

The VBAN MIDI parse_varlen() function performed unbounded left-shifting
of a uint32_t value without overflow checking, allowing a crafted VBAN
network packet to cause integer overflow. This could produce incorrect
size calculations in get_midi_size(), leading to out-of-bounds memory
access when processing MIDI packets.

Added overflow guard (value > UINT32_MAX >> 7) matching the existing
fix in the RTP MIDI implementation, plus an overflow check on the size
addition in get_midi_size() and an avail bounds check.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-27 11:22:50 +02:00
..
audio.c security: fix missing packet length validation in VBAN audio receive 2026-04-24 15:55:35 +02:00
midi.c security: validate VBAN MIDI variable-length integers to prevent overflow 2026-04-27 11:22:50 +02:00
stream.c module-vban: derive write position from frame counter 2026-02-27 22:48:12 -08:00
stream.h
vban.h pipewire: module-vban: fix vban serial header 2024-12-14 23:09:45 +01:00