From 08efbf2254491b22fa308eea4f3aed8da50c3b2e Mon Sep 17 00:00:00 2001
From: Wim Taymans <wtaymans@redhat.com>
Date: Tue, 28 Apr 2026 12:35:48 +0200
Subject: [PATCH] security: add missing NULL check after calloc in
 plugin_builtin

Memory Safety: Medium

In the fallback code path when spa-plugins support is not compiled in,
calloc() for the output sample buffer was not checked for NULL. If the
allocation fails (e.g., due to a large n_samples value from filter
configuration), spa_memcpy would dereference a NULL pointer.

Fixed by adding a NULL check and returning NULL on allocation failure.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 spa/plugins/filter-graph/plugin_builtin.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/spa/plugins/filter-graph/plugin_builtin.c b/spa/plugins/filter-graph/plugin_builtin.c
index 131e9a165..26499a7aa 100644
--- a/spa/plugins/filter-graph/plugin_builtin.c
+++ b/spa/plugins/filter-graph/plugin_builtin.c
@@ -1014,6 +1014,8 @@ error:
 #else
 	spa_log_error(impl->log, "compiled without spa-plugins support, can't resample");
 	float *out_samples = calloc(*n_samples, sizeof(float));
+	if (out_samples == NULL)
+		return NULL;
 	spa_memcpy(out_samples, samples, *n_samples * sizeof(float));
 	return out_samples;
 #endif