rpms
/
pipewire
7
0
Fork 0
Code Issues Pull Requests Releases Activity
pipewire/0001-media-session-make-sur...

124 lines
3.8 KiB
Diff
Raw Blame History

From 0da406d30407f574f4cc28a0e3532aec4dd9fdb6 Mon Sep 17 00:00:00 2001
From: Wim Taymans <wtaymans@redhat.com>
Date: Thu, 1 Oct 2020 11:32:40 +0200
Subject: [PATCH] media-session: make sure we don't read invalid data
---
src/examples/media-session/default-routes.c | 23 ++++++++++++------
src/examples/media-session/restore-stream.c | 26 ++++++++++++++++-----
2 files changed, 36 insertions(+), 13 deletions(-)
diff --git a/src/examples/media-session/default-routes.c b/src/examples/media-session/default-routes.c
index 6c3a4627..ef7fcda3 100644
--- a/src/examples/media-session/default-routes.c
+++ b/src/examples/media-session/default-routes.c
@@ -176,10 +176,13 @@ static int restore_route(struct device *dev, const char *val, uint32_t index, ui
spa_pod_builder_prop(&b, SPA_PARAM_ROUTE_props, 0);
spa_pod_builder_push_object(&b, &f[1],
SPA_TYPE_OBJECT_Props, SPA_PARAM_Route);
- for (p = val; *p; p++) {
+
+ p = val;
+ while (*p) {
if (strstr(p, "volume:") == p) {
- vol = strtof(p+7, &end);
- if (end == p + 7)
+ p += 7;
+ vol = strtof(p, &end);
+ if (end == p)
continue;
spa_pod_builder_prop(&b, SPA_PROP_volume, 0);
spa_pod_builder_float(&b, vol);
@@ -192,14 +195,18 @@ static int restore_route(struct device *dev, const char *val, uint32_t index, ui
p+=6;
}
else if (strstr(p, "volumes:") == p) {
- n_vols = strtol(p+8, &end, 10);
- if (end == p+8 || n_vols >= SPA_AUDIO_MAX_CHANNELS)
+ p += 8;
+ n_vols = strtol(p, &end, 10);
+ if (end == p)
continue;
p = end;
+ if (n_vols >= SPA_AUDIO_MAX_CHANNELS)
+ continue;
vols = alloca(n_vols * sizeof(float));
for (i = 0; i < n_vols && *p == ','; i++) {
- vols[i] = strtof(p+1, &end);
- if (end == p+1)
+ p++;
+ vols[i] = strtof(p, &end);
+ if (end == p)
break;
p = end;
}
@@ -209,6 +216,8 @@ static int restore_route(struct device *dev, const char *val, uint32_t index, ui
spa_pod_builder_prop(&b, SPA_PROP_channelVolumes, 0);
spa_pod_builder_array(&b, sizeof(float), SPA_TYPE_Float,
n_vols, vols);
+ } else {
+ p++;
}
}
spa_pod_builder_pop(&b, &f[1]);
diff --git a/src/examples/media-session/restore-stream.c b/src/examples/media-session/restore-stream.c
index 094a2b1b..237683a3 100644
--- a/src/examples/media-session/restore-stream.c
+++ b/src/examples/media-session/restore-stream.c
@@ -202,9 +202,13 @@ static int restore_stream(struct stream *str, const char *val)
spa_pod_builder_push_object(&b, &f[0],
SPA_TYPE_OBJECT_Props, SPA_PARAM_Props);
- for (p = val; *p; p++) {
+ p = val;
+ while (*p) {
if (strstr(p, "volume:") == p) {
- vol = strtof(p+7, &end);
+ p += 7;
+ vol = strtof(p, &end);
+ if (end == p)
+ continue;
spa_pod_builder_prop(&b, SPA_PROP_volume, 0);
spa_pod_builder_float(&b, vol);
p = end;
@@ -216,15 +220,23 @@ static int restore_stream(struct stream *str, const char *val)
p+=6;
}
else if (strstr(p, "volumes:") == p) {
- n_vols = strtol(p+8, &end, 10);
- if (n_vols >= SPA_AUDIO_MAX_CHANNELS)
+ p += 8;
+ n_vols = strtol(p, &end, 10);
+ if (end == p)
continue;
p = end;
+ if (n_vols >= SPA_AUDIO_MAX_CHANNELS)
+ continue;
vols = alloca(n_vols * sizeof(float));
- for (i = 0; i < n_vols; i++) {
- vols[i] = strtof(p+1, &end);
+ for (i = 0; i < n_vols && *p == ','; i++) {
+ p++;
+ vols[i] = strtof(p, &end);
+ if (end == p)
+ break;
p = end;
}
+ if (i != n_vols)
+ continue;
spa_pod_builder_prop(&b, SPA_PROP_channelVolumes, 0);
spa_pod_builder_array(&b, sizeof(float), SPA_TYPE_Float,
n_vols, vols);
@@ -238,6 +250,8 @@ static int restore_stream(struct stream *str, const char *val)
i = end - p;
strncpy(target, p, i);
target[i-1] = 0;
+ } else {
+ p++;
}
}
param = spa_pod_builder_pop(&b, &f[0]);
--
2.26.2
Reference in New Issue View Git Blame Copy Permalink