mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-05-03 06:47:04 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
pipewire/spa
History
Wim Taymans d4cf1d0d6f security: bound alloca size for udev property strings 
Memory Safety: Low

The udev device enumeration code uses alloca(strlen(str) + 1) to
allocate stack buffers for unescaping ID_VENDOR_ENC and ID_MODEL_ENC
udev properties. These property values originate from the udev database
and could theoretically be manipulated through custom udev rules or
crafted USB device descriptors. An excessively long property value
would cause unbounded stack allocation.

Add a 1024-byte cap on the alloca size and skip the unescape step for
oversized values, falling back to the raw encoded string.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-29 14:22:33 +02:00
..
examples spa: examples: fix getopt usage + typos in adapter-control 2025-10-26 14:12:19 +00:00
include security: fix format string vulnerability in hook.h example code 2026-04-29 11:33:44 +02:00
include-private/spa-private
lib spa: update lib.c 2026-03-09 18:33:32 +01:00
plugins security: bound alloca size for udev property strings 2026-04-29 14:22:33 +02:00
tests spa/tests: remove unused #include <linux/limits.h> 2026-03-11 21:50:21 +00:00
tools tools: port various tools to the new json-builder 2026-02-26 10:51:17 +01:00
meson.build meson: Always use -fno-strict-aliasing and -fno-strict-overflow 2025-07-24 07:30:28 +00:00