pipewire/src
Wim Taymans d60ae4a1df security: fix unchecked alloca in pulse protocol message handling
Memory Safety: High

The add_stream_group() function computes a buffer size from the sum of
multiple string lengths, including user-controlled dictionary values
(media role, app name, etc.), and passes it to alloca() without any
bounds check. A malicious client could send very long property strings
causing an integer overflow in the size computation (wrapping to a
negative/small int) or an excessively large stack allocation, leading
to a stack overflow.

Add a bounds check to reject sizes that are negative or exceed 1024
bytes before calling alloca().

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-24 16:08:45 +02:00
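
The bounds check this commit message describes, sketched as an added C example that is not PipeWire's code: `bounded_total()`, `build_key()` and the `role:app:name` layout are hypothetical, and only the 1024-byte cap comes from the message. The sum is kept in `size_t` and checked against the remaining budget at each step, so it cannot wrap before the check runs.

```c
#include <alloca.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define KEY_MAX 1024 /* cap taken from the commit message */

/* Sum field lengths plus `extra` bytes. Each length is compared against the
 * remaining budget, so the running total can never wrap or exceed `cap`. */
static int bounded_total(const size_t *lens, size_t n, size_t extra,
                         size_t cap, size_t *out)
{
    size_t total = extra;
    if (extra > cap)
        return -EOVERFLOW;
    for (size_t i = 0; i < n; i++) {
        if (lens[i] > cap - total)
            return -EOVERFLOW;
        total += lens[i];
    }
    *out = total;
    return 0;
}

/* Hypothetical caller: joins client-supplied strings as "role:app:name" in a
 * stack buffer, then copies the result to dst. Returns 0 or -errno. */
static int build_key(const char *role, const char *app, const char *name,
                     char *dst, size_t dst_len)
{
    size_t lens[3] = { strlen(role), strlen(app), strlen(name) };
    size_t size;
    int res = bounded_total(lens, 3, 3, KEY_MAX, &size); /* 2 ':' + NUL */
    if (res < 0)
        return res; /* rejected before any stack allocation */
    if (size > dst_len)
        return -ENOSPC;
    char *tmp = alloca(size); /* size is between 3 and KEY_MAX here */
    snprintf(tmp, size, "%s:%s:%s", role, app, name);
    memcpy(dst, tmp, size);
    return 0;
}

int main(void)
{
    char key[KEY_MAX];
    int res = build_key("Music", "player", "output", key, sizeof key);
    printf("%d %s\n", res, res == 0 ? key : "(rejected)");
    return 0;
}
```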
daemon filter-chain: update virtual surround with convolver2 2026-04-21 17:03:55 +02:00
examples impl-node: accept more node.passive values 2026-03-12 17:25:36 +01:00
gst gst: fix crop height typo in pipewiresink do_send_buffer 2026-04-21 20:19:24 +01:00
modules security: fix unchecked alloca in pulse protocol message handling 2026-04-24 16:08:45 +02:00
pipewire spa: add and use spa_overflow macros 2026-04-24 15:55:35 +02:00
tests stream: return -EIO when doing get_time in != STREAMING 2026-02-12 12:26:33 +01:00
tools spa: add and use spa_overflow macros 2026-04-24 15:55:35 +02:00
meson.build meson.build: fix compile with -Dexamples=disabled 2023-11-28 10:18:25 +00:00