mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-04-29 06:46:38 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
pipewire/spa/plugins
History
Wim Taymans f3538dd7fe security: validate metadata length before subtraction in BIS config 
Memory Safety: Critical

When a Bluetooth BIS metadata entry has length=0 (e.g. when the JSON
config contains a "type" key but no "value" key, leaving the
calloc-initialized length at zero), the expression
'metadata_entry->length - 1' underflows to SIZE_MAX because the int
value is implicitly converted to size_t in the memcpy call. This causes
memcpy to read far past the metadata_entry->value buffer, leading to a
heap buffer overflow and likely crash.

Add a check that metadata_entry->length >= 1 before the subtraction,
rejecting entries with invalid length.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-27 11:03:54 +02:00
..
aec spa: aec: Add some channel config validation 2026-03-17 12:06:25 +00:00
alsa alsa: acp: don’t override user-selected port on availability changes 2026-04-16 10:45:01 +00:00
audioconvert spa: add spa_alloca that does overflow and limit checks 2026-04-27 10:53:44 +02:00
audiomixer audiomixer: only add the input port to mix_list 2026-03-11 12:36:39 +01:00
audiotestsrc spa: do not use SPA_PROP_live 2026-03-27 18:03:24 +01:00
avb modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
bluez5 security: validate metadata length before subtraction in BIS config 2026-04-27 11:03:54 +02:00
control mixer: handle control.ump property 2026-03-25 11:59:43 +01:00
ffmpeg
filter-graph spa: add and use spa_overflow macros 2026-04-24 15:55:35 +02:00
jack *: don't include standard C headers inside of extern "C" 2025-05-30 09:48:28 +01:00
libcamera spa: libcamera: use std::span 2026-03-27 09:57:56 +01:00
support spa: system: make spa_poll_event compatible with epoll_events 2026-04-06 10:24:32 +00:00
test spa: do not use SPA_PROP_live 2026-03-27 18:03:24 +01:00
v4l2 v4l2: use 0x as the prefix for hex values 2026-03-09 13:50:38 +01:00
videoconvert audioadapter: remap port id for port_reuse_buffer on target 2026-04-20 07:55:54 +00:00
videotestsrc spa: do not use SPA_PROP_live 2026-03-27 18:03:24 +01:00
volume treewide: access the position information using helpers 2025-10-21 13:06:25 +02:00
vulkan vulkan: fix wrong descriptor image info index 2026-04-21 15:13:03 +00:00
meson.build spa/plugins: revert "Disable alsa plugin on !Linux platforms." 2026-03-12 09:20:05 +00:00