From 43931caccbcde6001c18611a04afb2d3f5d4611b Mon Sep 17 00:00:00 2001 From: Wim Taymans Date: Tue, 28 Apr 2026 13:20:13 +0200 Subject: [PATCH] security: add missing NULL check after strdup in context factory registry Memory Safety: Medium In pw_context_set_spa_libs(), strdup(lib) was not checked for failure. A NULL entry->lib would cause a NULL dereference when the factory library path is later looked up and used for dlopen(). Fix by checking the strdup() return value and cleaning up the regex and array entry on failure. Co-Authored-By: Claude Opus 4.6 --- src/pipewire/context.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/pipewire/context.c b/src/pipewire/context.c index c2188c112..63a3ae9c9 100644 --- a/src/pipewire/context.c +++ b/src/pipewire/context.c @@ -1030,6 +1030,11 @@ int pw_context_add_spa_lib(struct pw_context *context, } entry->lib = strdup(lib); + if (entry->lib == NULL) { + regfree(&entry->regex); + pw_array_remove(&context->factory_lib, entry); + return -ENOMEM; + } pw_log_debug("%p: map factory regex '%s' to '%s", context, factory_regexp, lib); return 0;