security: fix one-byte OOB read in module_args_add_props

A trailing backslash in a module argument string would cause the escape handling to advance past the null terminator, reading one byte out of bounds on the next loop iteration. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-03 06:47:04 -04:00 · 2026-04-29 18:24:13 +02:00 · 2026-04-29 18:24:13 +02:00 · 6d2600c09d
commit 6d2600c09d
parent c6faaff410
1 changed files with 4 additions and 1 deletions
--- a/src/modules/module-protocol-pulse/module.c
+++ b/src/modules/module-protocol-pulse/module.c
@ -147,8 +147,11 @@ void module_args_add_props(struct pw_properties *props, const char *str)
 		for (e = p; *p ;) {
 			if (*p == f)
 				break;
-			if (*p == '\\')
+			if (*p == '\\') {
 				p++;
+				if (*p == '\0')
+					break;
+			}
 			*e++ = *p++;
 		}
 		if (*p != '\0')