internal/pipewire: spa_dict trailing garbage within POD
All checks were successful
Test / Create distribution (push) Successful in 42s
Test / Sandbox (push) Successful in 1m30s
Test / Hakurei (push) Successful in 2m26s
Test / Hpkg (push) Successful in 3m20s
Test / Sandbox (race detector) (push) Successful in 4m21s
Test / Hakurei (race detector) (push) Successful in 5m11s
Test / Flake checks (push) Successful in 1m24s
All checks were successful
Test / Create distribution (push) Successful in 42s
Test / Sandbox (push) Successful in 1m30s
Test / Hakurei (push) Successful in 2m26s
Test / Hpkg (push) Successful in 3m20s
Test / Sandbox (race detector) (push) Successful in 4m21s
Test / Hakurei (race detector) (push) Successful in 5m11s
Test / Flake checks (push) Successful in 1m24s
This performs the check within the bounds of the POD only. This was not caught since spa_dict was only used as the final struct field until now. Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
parent
b1b27ac1df
commit
a0eb010aab
SSH Key Fingerprint:
SHA256:wr6yH7sDDbUFi81k/GsIGwpM3O2QrwqYlLF26CcJa4w
@ -400,6 +400,8 @@ func (d *SPADict) UnmarshalPOD(data []byte) (Word, error) {
|
|||||||
if err := unmarshalCheckTypeBounds(&data, SPA_TYPE_Struct, &wireSize); err != nil {
|
if err := unmarshalCheckTypeBounds(&data, SPA_TYPE_Struct, &wireSize); err != nil {
|
||||||
return wireSize, err
|
return wireSize, err
|
||||||
}
|
}
|
||||||
|
// bounds check completed in successful call to unmarshalCheckTypeBounds
|
||||||
|
data = data[:wireSize]
|
||||||
|
|
||||||
if size, err := Unmarshal(data, &d.NItems); err != nil {
|
if size, err := Unmarshal(data, &d.NItems); err != nil {
|
||||||
return wireSize, err
|
return wireSize, err
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user