pipewire/spa/plugins/alsa
Wim Taymans d4cf1d0d6f security: bound alloca size for udev property strings
Memory Safety: Low

The udev device enumeration code uses alloca(strlen(str) + 1) to
allocate stack buffers for unescaping ID_VENDOR_ENC and ID_MODEL_ENC
udev properties. These property values originate from the udev database
and could theoretically be manipulated through custom udev rules or
crafted USB device descriptors. An excessively long property value
would cause unbounded stack allocation.

Add a 1024-byte cap on the alloca size and skip the unescape step for
oversized values, falling back to the raw encoded string.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-29 14:22:33 +02:00
..
acp security: replace strcpy with memcpy in alsa_id_decode 2026-04-27 16:15:10 +02:00
mixer acp: partially revert f76327e076 2026-04-28 12:01:06 +02:00
90-pipewire-alsa.rules
acp-tool.c
alsa-acp-device.c
alsa-compress-offload-device.c
alsa-compress-offload-sink.c
alsa-pcm-device.c
alsa-pcm-sink.c
alsa-pcm-source.c
alsa-pcm.c
alsa-pcm.h
alsa-seq-bridge.c
alsa-seq.c
alsa-seq.h
alsa-udev.c security: bound alloca size for udev property strings 2026-04-29 14:22:33 +02:00
alsa.c
alsa.h
compress-offload-api-util.c
compress-offload-api-util.h
compress-offload-api.c security: add missing O_CLOEXEC/SOCK_CLOEXEC flags 2026-04-28 12:20:33 +02:00
compress-offload-api.h
meson.build
test-hw-params.c
test-timer.c