mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-04-30 06:46:49 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
pipewire/spa/plugins
History
Wim Taymans e3c20982a8 security: add missing NULL checks after calloc in filter-graph 
Memory Safety: Medium

Multiple calloc() calls for node port arrays and the graph handle
array were not checked for NULL returns. If memory allocation fails,
the code immediately dereferences the NULL pointers in subsequent
loops, causing a crash. An attacker who can influence the filter
graph configuration (e.g., through config files specifying many
ports) could potentially trigger this condition.

Fixed by adding NULL checks after all unchecked calloc calls and
properly cleaning up on failure.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-28 13:02:50 +02:00
..
aec spa: aec: Add some channel config validation 2026-03-17 12:06:25 +00:00
alsa security: add missing O_CLOEXEC/SOCK_CLOEXEC flags 2026-04-28 12:20:33 +02:00
audioconvert channelmix: add SEE 7p1 to stereo downmix 2026-04-27 15:59:38 +02:00
audiomixer audiomixer: rate limit the "out of buffers" debug 2026-04-28 10:34:39 +02:00
audiotestsrc spa: do not use SPA_PROP_live 2026-03-27 18:03:24 +01:00
avb modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
bluez5 security: reject negative DBus array lengths in Bluetooth transport 2026-04-27 11:04:52 +02:00
control mixer: handle control.ump property 2026-03-25 11:59:43 +01:00
ffmpeg spa: use log topics everywhere 2024-03-11 18:45:21 +02:00
filter-graph security: add missing NULL checks after calloc in filter-graph 2026-04-28 13:02:50 +02:00
jack *: don't include standard C headers inside of extern "C" 2025-05-30 09:48:28 +01:00
libcamera spa: libcamera: use std::span 2026-03-27 09:57:56 +01:00
support security: add missing O_CLOEXEC/SOCK_CLOEXEC flags 2026-04-28 12:20:33 +02:00
test spa: do not use SPA_PROP_live 2026-03-27 18:03:24 +01:00
v4l2 security: add missing O_CLOEXEC flag to V4L2 device open 2026-04-28 12:56:40 +02:00
videoconvert overflow: fix some more potential overflows 2026-04-27 12:29:31 +02:00
videotestsrc spa: do not use SPA_PROP_live 2026-03-27 18:03:24 +01:00
volume treewide: access the position information using helpers 2025-10-21 13:06:25 +02:00
vulkan vulkan: fix wrong descriptor image info index 2026-04-21 15:13:03 +00:00
meson.build spa/plugins: revert "Disable alsa plugin on !Linux platforms." 2026-03-12 09:20:05 +00:00