security: fix missing malloc/realloc NULL checks in pw-dot

Memory Safety: High

In dot_data_init(), the return value of malloc() was not checked before
dereferencing, causing a NULL pointer dereference if allocation fails.

In dot_data_ensure_max_size(), the return value of realloc() was
assigned directly to dd->data without checking for NULL, which both
loses the original pointer (memory leak) and causes a NULL pointer
dereference on subsequent use.

Add NULL checks for both cases. For realloc, use a temporary variable
to preserve the original pointer on failure.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Wim Taymans 2026-04-23 16:43:05 +02:00
parent b414d2af19
commit 508407b350


@ -88,6 +88,8 @@ static bool dot_data_init(struct dot_data * dd, size_t size)
return false; return false;
dd->data = malloc(sizeof (char) * size); dd->data = malloc(sizeof (char) * size);
if (dd->data == NULL)
return false;
dd->data[0] = '\0'; dd->data[0] = '\0';
dd->size = 0; dd->size = 0;
dd->max_size = size; dd->max_size = size;
@ -108,7 +110,10 @@ static void dot_data_ensure_max_size (struct dot_data * dd, size_t size)
size_t new_size = dd->size + size + 1; size_t new_size = dd->size + size + 1;
if (new_size > dd->max_size) { if (new_size > dd->max_size) {
size_t next_size = new_size * 2; size_t next_size = new_size * 2;
dd->data = realloc (dd->data, next_size); void *p = realloc (dd->data, next_size);
if (p == NULL)
return;
dd->data = p;
dd->max_size = next_size; dd->max_size = next_size;
} }
} }
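Review bot: In dot_data_ensure_max_size, the new `if (p == NULL) return;` leaves dd->max_size at its old value, and because the function returns void the caller cannot tell that the buffer was not grown. If the callers (outside this hunk) then append `size` bytes as they would after a successful call, the failure changes from a NULL dereference into a write past the end of the old allocation. I would make the function return bool (`if (p == NULL) return false;` and a final `return true;`) and have each caller skip the append on false, or treat out-of-memory as fatal in this tool. Separately, `dd->size + size + 1` and `new_size * 2` are unchecked size_t arithmetic and could wrap for very large inputs; a guard such as `if (new_size > SIZE_MAX / 2) return false;` before the doubling would cover the second case.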