pulse-server: fix sample playing uaf (!1618) · Merge requests · PipeWire / pipewire

Barnabás Pőcze requested to merge pobrn/pipewire:fix_sample_uaf into master May 09, 2023

From the main commit:

Previously, a client disconnecting while a sample was playing could
lead to issues. For example, if a client disconnected before the
"ready" signal of the sample-play arrives, `operation_new_cb()`
would be called and that would try to use the client's pw_manager,
however, that has previously been destroyed in `client_disconnect()`.

If the client disconnected after the "ready" signal but before the reply
has been sent, then `sample_play_ready_reply()` would never be called
since operations are completed via the client's pw_manager which
would already be destroyed at that point.

Fix this by installing a listener on the client, and properly
cancelling the operation and making sure that the pending_sample
is correctly destroyed.

Admin message

pulse-server: fix sample playing uaf

Merge request reports