ucm: Unsafe assertion (configuration error crashes pulseaudio)
@tanuk
Submitted by Tanu Kaskinen Assigned to pul..@..op.org
Description
In alsa_mapping_add_ucm_modifier() there's this code:
/* save mapping to ucm modifier */
if (m->direction == PA_ALSA_DIRECTION_OUTPUT) {
modifier->playback_mapping = m;
channel_str = pa_proplist_gets(modifier->proplist, PA_ALSA_PROP_UCM_PLAYBACK_CHANNELS);
} else {
modifier->capture_mapping = m;
channel_str = pa_proplist_gets(modifier->proplist, PA_ALSA_PROP_UCM_CAPTURE_CHANNELS);
}
if (channel_str) {
pa_assert_se(pa_atou(channel_str, &channels) == 0 && channels < PA_CHANNELS_MAX);
pa_log_debug("Got channel count %" PRIu32 " for modifier", channels);
}
If I understand the code correctly, the channels property comes directly from the UCM configuration file, and the correctness of the property is not checked before this point. Therefore, if the channels are misconfigured in UCM, that will crash PulseAudio. That should never happen. Proper error handling is needed here. One complication is that the function can't currently fail. I haven't checked how much effort it would take to change the function so that it could fail - it may be easy, or it may propagate further. Another option would be to validate the channels property at some earlier stage.