diff options
author | Lennart Poettering <lennart@poettering.net> | 2007-05-23 16:42:26 +0000 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2007-05-23 16:42:26 +0000 |
commit | cf925b10e157c0ae87ff876dd8047586226afa87 (patch) | |
tree | da56fc8a57a1359a91802b2f767d067f9df94532 /src/pulsecore | |
parent | c3b5de77bc2cacc4aa94b1ee982c93222eb9261c (diff) |
Fix yet another DoS vulnerability, also identified Luigi Auriemma (re #67)
git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1448 fefdeb5f-60dc-0310-8127-8f9354f1896f
Diffstat (limited to 'src/pulsecore')
-rw-r--r-- | src/pulsecore/protocol-native.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/pulsecore/protocol-native.c b/src/pulsecore/protocol-native.c index 4e861f85..774f6918 100644 --- a/src/pulsecore/protocol-native.c +++ b/src/pulsecore/protocol-native.c @@ -763,7 +763,8 @@ static void command_create_playback_stream(PA_GCC_UNUSED pa_pdispatch *pd, PA_GC CHECK_VALIDITY(c->pstream, pa_cvolume_valid(&volume), tag, PA_ERR_INVALID); CHECK_VALIDITY(c->pstream, map.channels == ss.channels && volume.channels == ss.channels, tag, PA_ERR_INVALID); CHECK_VALIDITY(c->pstream, maxlength > 0 && maxlength <= MAX_MEMBLOCKQ_LENGTH, tag, PA_ERR_INVALID); - + CHECK_VALIDITY(c->pstream, maxlength >= pa_frame_size(&ss), tag, PA_ERR_INVALID); + if (sink_index != PA_INVALID_INDEX) { sink = pa_idxset_get_by_index(c->protocol->core->sinks, sink_index); CHECK_VALIDITY(c->pstream, sink, tag, PA_ERR_NOENTITY); |