From 715d1736e9c19f62e8afc07904a395e8db0167db Mon Sep 17 00:00:00 2001
From: Wim Taymans <wtaymans@redhat.com>
Date: Wed, 29 Apr 2026 14:07:52 +0200
Subject: [PATCH] security: add missing NULL checks after calloc in LADSPA
 plugin

Memory Safety: Medium

ladspa_plugin_make_desc() calls calloc() twice without checking the
return value. If either allocation fails, the code dereferences a NULL
pointer, causing a crash. Add NULL checks after both calloc calls and
properly free the descriptor struct if the ports allocation fails.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 spa/plugins/filter-graph/plugin_ladspa.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/spa/plugins/filter-graph/plugin_ladspa.c b/spa/plugins/filter-graph/plugin_ladspa.c
index 54315861b..3883c1831 100644
--- a/spa/plugins/filter-graph/plugin_ladspa.c
+++ b/spa/plugins/filter-graph/plugin_ladspa.c
@@ -156,6 +156,8 @@ static const struct spa_fga_descriptor *ladspa_plugin_make_desc(void *plugin, co
 		return NULL;
 
 	desc = calloc(1, sizeof(*desc));
+	if (desc == NULL)
+		return NULL;
 	desc->d = d;
 
 	desc->desc.instantiate = ladspa_instantiate;
@@ -172,6 +174,10 @@ static const struct spa_fga_descriptor *ladspa_plugin_make_desc(void *plugin, co
 
 	desc->desc.n_ports = d->PortCount;
 	desc->desc.ports = calloc(desc->desc.n_ports, sizeof(struct spa_fga_port));
+	if (desc->desc.ports == NULL) {
+		free(desc);
+		return NULL;
+	}
 
 	for (i = 0; i < desc->desc.n_ports; i++) {
 		desc->desc.ports[i].index = i;