pipewire/src/modules/module-rtp
Wim Taymans 110495ed9f security: fix unchecked write_event return value in RTP MIDI
Memory Safety: Critical

write_event() returns a negative int on error (-ENOSPC or -ERANGE),
but its return value was added directly to the uint32_t len variable
without checking. A negative return value would wrap len to a very
large number due to unsigned integer conversion, causing subsequent
buffer writes to go far out of bounds. This could lead to stack
corruption and potential code execution.

Fix by checking the return value of write_event() before using it.
If write_event() fails, abort the flush operation safely.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-29 13:57:45 +02:00
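The accumulation pattern the commit message describes, next to the checked form, as an added example that is not the code from midi.c. `write_event_stub`, `struct event`, both flush functions and the sample events are hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
struct event { const uint8_t *data; uint32_t size; };

/* Hypothetical stand-in for write_event(): returns bytes written or -ENOSPC. */
static int write_event_stub(uint8_t *dst, uint32_t avail, const struct event *ev)
{
	if (ev->size > avail)
		return -ENOSPC;
	memcpy(dst, ev->data, ev->size);
	return (int)ev->size;
}

/* Unchecked accumulation from the commit message; stops once len leaves buf. */
static uint32_t flush_unchecked(uint8_t *buf, uint32_t cap, const struct event *ev, int n)
{
	uint32_t len = 0;
	for (int i = 0; i < n && len <= cap; i++)
		len += write_event_stub(buf + len, cap - len, &ev[i]); /* negative int wraps */
	return len;
}

/* Checked form: test the int result before it touches the unsigned length. */
static int flush_checked(uint8_t *buf, uint32_t cap, const struct event *ev, int n, uint32_t *len)
{
	*len = 0;
	for (int i = 0; i < n; i++) {
		int res = write_event_stub(buf + *len, cap - *len, &ev[i]);
		if (res < 0)
			return res; /* abort the flush; *len counts only valid bytes */
		*len += (uint32_t)res;
	}
	return 0;
}

/* Constructed sample: three 3-byte note-on messages for an 8-byte buffer. */
static const uint8_t note_on[3] = { 0x90, 0x3c, 0x7f };
static const struct event sample[3] = { { note_on, 3 }, { note_on, 3 }, { note_on, 3 } };
int main(void)
{
	uint8_t buf[8];
	uint32_t len;
	printf("unchecked len = %u\n", (unsigned)flush_unchecked(buf, sizeof(buf), sample, 3));
	int res = flush_checked(buf, sizeof(buf), sample, 3, &len);
	printf("checked: res = %d, len = %u\n", res, (unsigned)len);
	return 0;
}
```

The third event does not fit, so the unchecked offset becomes `6 - ENOSPC` reduced modulo 2^32, while the checked form returns `-ENOSPC` with `len` still at 6.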
..
apple-midi.h Merge branch 'master' into 'fix_san_build' 2023-03-10 10:10:25 +00:00
audio.c module-rtp: Lower missing timeout log line from warn to trace 2026-03-30 23:45:34 +02:00
midi.c security: fix unchecked write_event return value in RTP MIDI 2026-04-29 13:57:45 +02:00
opus.c module-rtp: handle the send_packet/feedback as callbacks 2026-03-26 09:34:45 +01:00
ptp.h module-rtp-sap: review 2024-01-22 16:41:06 +00:00
rtp.h module-rtp: Fix bounds checks in MIDI parsing 2025-07-15 10:46:10 +02:00
sap.h treewide: use SPDX tags to specify copyright information 2023-02-16 10:54:48 +00:00
stream.c module-rtp: handle the send_packet/feedback as callbacks 2026-03-26 09:34:45 +01:00
stream.h modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00