mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-05-01 06:46:47 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

security: add missing NULL check after strdup in pw_strv_insert

Browse source 
Memory Safety: Medium

In pw_strv_insert(), the strdup(str) result at the insertion position
was not checked for failure. A NULL would be stored in the string
vector, causing NULL dereferences when callers iterate the vector.

Fix by checking the strdup() return value and cleaning up on failure.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Wim Taymans 2026-04-28 13:24:05 +02:00
parent e474303991
commit 106f641ff3
1 changed files with 5 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/pipewire/conf.c
View file

@ -920,7 +920,7 @@ static int parse_objects(void *user_data, const char *location,
static char **pw_strv_insert_at(char **strv, int len, int pos, const char *str) static char **pw_strv_insert_at(char **strv, int len, int pos, const char *str)
{ {
char **n; char **n, *t = NULL;
if (len < 0) { if (len < 0) {
len = 0; len = 0;
@ -933,15 +933,17 @@ static char **pw_strv_insert_at(char **strv, int len, int pos, const char *str)
size_t alloc_size; size_t alloc_size;
if (spa_overflow_add((size_t)len, (size_t)2, &alloc_size) || if (spa_overflow_add((size_t)len, (size_t)2, &alloc_size) ||
spa_overflow_mul(alloc_size, sizeof(char*), &alloc_size) || spa_overflow_mul(alloc_size, sizeof(char*), &alloc_size) ||
(t = strdup(str)) == NULL ||
(n = realloc(strv, alloc_size)) == NULL) { (n = realloc(strv, alloc_size)) == NULL) {
free(t);
pw_free_strv(strv); pw_free_strv(strv);
return NULL; return NULL;
} }
strv = n; strv = n;
memmove(strv+pos+1, strv+pos, sizeof(char*) * (len+1-pos)); memmove(strv+pos+1, strv+pos, sizeof(char*) * (len+1-pos));
strv[pos] = strdup(str); strv[pos] = t;
return strv; return strv;
} }