[pulseaudio-commits] r1450 - /trunk/src/pulsecore/sample-util.c
svnmailer-noreply at 0pointer.de
svnmailer-noreply at 0pointer.de
Wed May 23 09:59:12 PDT 2007
Author: lennart
Date: Wed May 23 18:59:03 2007
New Revision: 1450
URL: http://0pointer.de/cgi-bin/viewcvs.cgi?rev=3D1450&root=3Dpulseaudio&vi=
ew=3Drev
Log:
Fix a DoS with allocating overly large silence buffers. (Identified by Luig=
i Auriemma (re #67)
Modified:
trunk/src/pulsecore/sample-util.c
Modified: trunk/src/pulsecore/sample-util.c
URL: http://0pointer.de/cgi-bin/viewcvs.cgi/trunk/src/pulsecore/sample-util=
.c?rev=3D1450&root=3Dpulseaudio&r1=3D1449&r2=3D1450&view=3Ddiff
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
--- trunk/src/pulsecore/sample-util.c (original)
+++ trunk/src/pulsecore/sample-util.c Wed May 23 18:59:03 2007
@@ -38,13 +38,25 @@
#include "sample-util.h"
#include "endianmacros.h"
=
+#define PA_SILENCE_MAX (1024*1024*1)
+
pa_memblock *pa_silence_memblock_new(pa_mempool *pool, const pa_sample_spe=
c *spec, size_t length) {
+ size_t fs;
assert(pool);
assert(spec);
=
if (length =3D=3D 0)
length =3D pa_bytes_per_second(spec)/20; /* 50 ms */
=
+ if (length > PA_SILENCE_MAX)
+ length =3D PA_SILENCE_MAX;
+
+ fs =3D pa_frame_size(spec);
+ length =3D ((PA_SILENCE_MAX+fs-1) / fs) * fs;
+
+ if (length <=3D 0)
+ length =3D fs;
+ =
return pa_silence_memblock(pa_memblock_new(pool, length), spec);
}
=
More information about the pulseaudio-commits
mailing list