From 7c2d8f72513adfbbde79e9772cc4e720366f19d7 Mon Sep 17 00:00:00 2001
From: Wim Taymans
Date: Wed, 29 Apr 2026 17:54:21 +0200
Subject: [PATCH] security: add missing NULL checks after message_alloc in reply

Both reply_new and reply_error passed the message_alloc result directly to message_put without checking for NULL, which would cause a NULL pointer dereference on allocation failure.

Co-Authored-By: Claude Opus 4.7
---
 src/modules/module-protocol-pulse/reply.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/modules/module-protocol-pulse/reply.c b/src/modules/module-protocol-pulse/reply.c
index 622d8155e..b534a60eb 100644
--- a/src/modules/module-protocol-pulse/reply.c
+++ b/src/modules/module-protocol-pulse/reply.c
@@ -17,6 +17,8 @@
 struct message *reply_new(const struct client *client, uint32_t tag)
 {
 struct message *reply = message_alloc(client->impl, -1, 0);
+ if (reply == NULL)
+ return NULL;
 
 pw_log_debug("client %p: new reply tag:%u", client, tag);
 
@@ -55,6 +57,9 @@ int reply_error(struct client *client, uint32_t command, uint32_t tag, int res)
 client, client->name, command, name, tag, error, spa_strerror(res));
 
 reply = message_alloc(impl, -1, 0);
+ if (reply == NULL)
+ return -ENOMEM;
+
 message_put(reply,
 TAG_U32, COMMAND_ERROR,
 TAG_U32, tag,
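Review bot: Returning NULL from reply_new moves the allocation failure to its callers, none of which appear in this patch. Any call site that hands the result straight to message_put or queues it without a check would still dereference NULL, so the crash is relocated rather than removed unless those call sites are audited as well. The new contract should at least be stated on the function, for example `/* Returns NULL if message_alloc fails; callers must check before use. */`. reply_new's body continues past the end of this hunk.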
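Review bot: On the new `return -ENOMEM;` path in reply_error no error reply is built for `tag`, so the client presumably never gets an answer for that request unless the caller acts on the negative return. The callers are outside this hunk, so it is worth confirming that they do not ignore it. The failure is also silent, because the log call above the allocation records the original error and not the allocation failure. A line such as `pw_log_warn("client %p: can't allocate error reply tag:%u", client, tag);` before the return would make it visible to operators. reply_error begins before and continues after this hunk.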