security: add missing NULL checks after calloc in LADSPA plugin

Memory Safety: Medium

ladspa_plugin_make_desc() calls calloc() twice without checking the
return value. If either allocation fails, the code dereferences a NULL
pointer, causing a crash. Add NULL checks after both calloc calls and
properly free the descriptor struct if the ports allocation fails.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Wim Taymans 2026-04-29 14:07:52 +02:00
parent 5f50055750
commit 715d1736e9

@ -156,6 +156,8 @@ static const struct spa_fga_descriptor *ladspa_plugin_make_desc(void *plugin, co
return NULL;
desc = calloc(1, sizeof(*desc));
if (desc == NULL)
return NULL;
desc->d = d;
desc->desc.instantiate = ladspa_instantiate;
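Review bot: the new `return NULL` after `desc = calloc(1, sizeof(*desc));` gives the caller the same result as the `return NULL` just above it, so an out-of-memory failure cannot be told apart from the earlier failure path. If callers of ladspa_plugin_make_desc() report errors, consider documenting that errno (ENOMEM from calloc) is the signal here, or set it explicitly before returning, so the allocation failure is not misreported as a missing descriptor.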
@ -172,6 +174,10 @@ static const struct spa_fga_descriptor *ladspa_plugin_make_desc(void *plugin, co
desc->desc.n_ports = d->PortCount;
desc->desc.ports = calloc(desc->desc.n_ports, sizeof(struct spa_fga_port));
if (desc->desc.ports == NULL) {
free(desc);
return NULL;
}
for (i = 0; i < desc->desc.n_ports; i++) {
desc->desc.ports[i].index = i;
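Review bot: the check `if (desc->desc.ports == NULL)` also fires when `desc->desc.n_ports` is 0, because calloc() with a zero element count is allowed to return NULL. `n_ports` comes straight from `d->PortCount`, so on such an implementation a plugin that declares no ports would now be rejected as if allocation had failed. Suggest guarding the failure path with the count, for example `if (desc->desc.n_ports > 0 && desc->desc.ports == NULL)`, or skipping the allocation entirely when the count is zero. The `free(desc)` on this path is correct for the struct itself; it is worth confirming that nothing assigned to `desc` between the two hunks is separately owned and would need releasing too.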