LADI
/
pipewire
1
Fork 0
Code Actions

spa: add spa_ptrinside 

Add a new overflow safe function to check if region p2 of size s2 fits
completely in p1 of size s1. Use this to bounds check the pod iterators.

Fixes #3727
This commit is contained in:
Wim Taymans 2023-12-20 20:18:33 +01:00
parent 92ac9a355f
commit 10d3c547d1
2 changed files with 11 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
spa/include/spa/pod/iter.h
View File

@ -28,8 +28,7 @@ struct spa_pod_frame {
static inline bool spa_pod_is_inside(const void *pod, uint32_t size, const void *iter)
{
return SPA_POD_BODY(iter) <= SPA_PTROFF(pod, size, void) &&
SPA_PTROFF(iter, SPA_POD_SIZE(iter), void) <= SPA_PTROFF(pod, size, void);
return spa_ptrinside(pod, size, iter, SPA_POD_SIZE(iter));
}
static inline void *spa_pod_next(const void *iter)
@ -45,8 +44,7 @@ static inline struct spa_pod_prop *spa_pod_prop_first(const struct spa_pod_objec
static inline bool spa_pod_prop_is_inside(const struct spa_pod_object_body *body,
uint32_t size, const struct spa_pod_prop *iter)
{
return SPA_POD_CONTENTS(struct spa_pod_prop, iter) <= SPA_PTROFF(body, size, void) &&
SPA_PTROFF(iter, SPA_POD_PROP_SIZE(iter), void) <= SPA_PTROFF(body, size, void);
return spa_ptrinside(body, size, iter, SPA_POD_PROP_SIZE(iter));
}
static inline struct spa_pod_prop *spa_pod_prop_next(const struct spa_pod_prop *iter)
@ -62,8 +60,7 @@ static inline struct spa_pod_control *spa_pod_control_first(const struct spa_pod
static inline bool spa_pod_control_is_inside(const struct spa_pod_sequence_body *body,
uint32_t size, const struct spa_pod_control *iter)
{
return SPA_POD_CONTENTS(struct spa_pod_control, iter) <= SPA_PTROFF(body, size, void) &&
SPA_PTROFF(iter, SPA_POD_CONTROL_SIZE(iter), void) <= SPA_PTROFF(body, size, void);
return spa_ptrinside(body, size, iter, SPA_POD_CONTROL_SIZE(iter));
}
static inline struct spa_pod_control *spa_pod_control_next(const struct spa_pod_control *iter)
@ -73,7 +70,7 @@ static inline struct spa_pod_control *spa_pod_control_next(const struct spa_pod_
#define SPA_POD_ARRAY_BODY_FOREACH(body, _size, iter) \
for ((iter) = (__typeof__(iter))SPA_PTROFF((body), sizeof(struct spa_pod_array_body), void); \
(iter) < (__typeof__(iter))SPA_PTROFF((body), (_size), void); \
spa_ptrinside(body, _size, iter, (body)->child.size); \
(iter) = (__typeof__(iter))SPA_PTROFF((iter), (body)->child.size, void))
#define SPA_POD_ARRAY_FOREACH(obj, iter) \
@ -81,7 +78,7 @@ static inline struct spa_pod_control *spa_pod_control_next(const struct spa_pod_
#define SPA_POD_CHOICE_BODY_FOREACH(body, _size, iter) \
for ((iter) = (__typeof__(iter))SPA_PTROFF((body), sizeof(struct spa_pod_choice_body), void); \
(iter) < (__typeof__(iter))SPA_PTROFF((body), (_size), void); \
spa_ptrinside(body, _size, iter, (body)->child.size); \
(iter) = (__typeof__(iter))SPA_PTROFF((iter), (body)->child.size, void))
#define SPA_POD_CHOICE_FOREACH(obj, iter) \

7
spa/include/spa/utils/defs.h
View File

@ -178,7 +178,6 @@ struct spa_fraction {
#define SPA_PTROFF_ALIGN(ptr_,offset_,alignment_,type_) \
SPA_PTR_ALIGN(SPA_PTROFF(ptr_,offset_,type_),alignment_,type_)
/**
* Deprecated, use SPA_PTROFF and SPA_PTROFF_ALIGN instead
*/
@ -189,6 +188,12 @@ struct spa_fraction {
#define SPA_PTRDIFF(p1,p2) ((intptr_t)(p1) - (intptr_t)(p2))
static inline bool spa_ptrinside(const void *p1, size_t s1, const void *p2, size_t s2)
{
return (uintptr_t)p1 <= (uintptr_t)p2 && s2 <= s1 &&
(uintptr_t)p2 - (uintptr_t)p1 <= s1 - s2;
}
#define SPA_PTR_TO_INT(p) ((int) ((intptr_t) (p)))
#define SPA_INT_TO_PTR(u) ((void*) ((intptr_t) (u)))