pipewire/spa/plugins/alsa
Wim Taymans d4cf1d0d6f security: bound alloca size for udev property strings
Memory Safety: Low

The udev device enumeration code uses alloca(strlen(str) + 1) to
allocate stack buffers for unescaping ID_VENDOR_ENC and ID_MODEL_ENC
udev properties. These property values originate from the udev database
and could theoretically be manipulated through custom udev rules or
crafted USB device descriptors. An excessively long property value
would cause unbounded stack allocation.

Add a 1024-byte cap on the alloca size and skip the unescape step for
oversized values, falling back to the raw encoded string.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-29 14:22:33 +02:00
acp security: replace strcpy with memcpy in alsa_id_decode 2026-04-27 16:15:10 +02:00
mixer acp: partially revert f76327e076 2026-04-28 12:01:06 +02:00
90-pipewire-alsa.rules alsa-card-profiles: Add config for a couple of JBL gaming headsets 2026-01-22 15:35:05 +00:00
acp-tool.c spa/plugins: include <stdlib.h> for alloca() on non-linux 2026-03-12 09:21:40 +00:00
alsa-acp-device.c alsa: acp: don’t override user-selected port on availability changes 2026-04-16 10:45:01 +00:00
alsa-compress-offload-device.c spa: alsa: avoid potential uninitialized variable use 2024-09-18 19:54:13 +00:00
alsa-compress-offload-sink.c alsa-compress-offload-sink: Improve write_queued_output_buffers comments 2025-07-18 10:53:59 +02:00
alsa-pcm-device.c spa: alsa: avoid potential uninitialized variable use 2024-09-18 19:54:13 +00:00
alsa-pcm-sink.c spa: acp: get and emit UCM information for SplitPCM devices 2024-12-21 16:03:19 +02:00
alsa-pcm-source.c spa: acp: get and emit UCM information for SplitPCM devices 2024-12-21 16:03:19 +02:00
alsa-pcm.c alsa-pcm: set rate_match rate to 1.0 when not matching 2026-02-05 10:45:11 +01:00
alsa-pcm.h spa: alsa: actually set the channel map when use-chmap=true 2026-01-05 15:37:05 +00:00
alsa-seq-bridge.c alsa-seq: add : between client and port name 2026-04-15 11:20:18 +02:00
alsa-seq.c midi: don't convert Midi in nodes 2026-03-25 11:59:43 +01:00
alsa-seq.h midi: don't convert Midi in nodes 2026-03-25 11:59:43 +01:00
alsa-udev.c security: bound alloca size for udev property strings 2026-04-29 14:22:33 +02:00
alsa.c meson: fix build with missing libudev-devel 2024-02-06 11:49:40 +01:00
alsa.h spa: remove unnecessary indirection for some spa_log_topics 2023-10-06 13:08:24 +00:00
compress-offload-api-util.c alsa-compress-offload: Add device object and udev based autodetection 2023-09-02 08:28:22 +00:00
compress-offload-api-util.h alsa-compress-offload: Add device object and udev based autodetection 2023-09-02 08:28:22 +00:00
compress-offload-api.c security: add missing O_CLOEXEC/SOCK_CLOEXEC flags 2026-04-28 12:20:33 +02:00
compress-offload-api.h alsa-compress-offload: Add device object and udev based autodetection 2023-09-02 08:28:22 +00:00
meson.build meson: fix build with missing libudev-devel 2024-02-06 11:49:40 +01:00
test-hw-params.c treewide: use SPDX tags to specify copyright information 2023-02-16 10:54:48 +00:00
test-timer.c fix compilation some more 2024-06-18 15:41:12 +02:00