From 94ffe88b65c0fe2c51d15c4aea29022629bdf79f Mon Sep 17 00:00:00 2001 From: Michael Tretter Date: Fri, 28 Jun 2019 14:00:36 +0200 Subject: [PATCH] filter: return error if id cannot be dereferenced If an ID cannot be de-referenced, e.g., because the builder buffer is too small, spa_pod_filter() still reports success, but the result is NULL. Any subsequent access to result will cause a segfault. Return an error if no pod is found to properly propagate and handle the error. The segfault can be reproduced by using the v4l2 module with Vivid devices [0], because the buffer for the v4l2 controls is too small. [0] https://github.com/PipeWire/pipewire/issues/138 --- spa/include/spa/pod/filter.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/spa/include/spa/pod/filter.h b/spa/include/spa/pod/filter.h index dd2e9931f..2668ecd67 100644 --- a/spa/include/spa/pod/filter.h +++ b/spa/include/spa/pod/filter.h @@ -359,6 +359,8 @@ spa_pod_filter(struct spa_pod_builder *b, if (filter == NULL) { spa_pod_builder_raw_padded(b, pod, SPA_POD_SIZE(pod)); *result = (struct spa_pod*)b->data; + if (!*result) + return -EINVAL; return 0; }
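Review bot: the added `if (!*result)` test in the `filter == NULL` branch only detects a NULL `b->data`, while the commit message names a too-small builder buffer as the trigger. A builder with a non-NULL but undersized buffer would pass this check and still return 0, leaving `*result` pointing at storage that may not hold the full `SPA_POD_SIZE(pod)` bytes. The result of `spa_pod_builder_raw_padded(b, pod, SPA_POD_SIZE(pod))` is discarded on the line above. If that call reports failure or overflow, testing its result before assigning `*result` would be the more direct check. Two smaller points: `-EINVAL` does not let a caller tell "buffer too small" apart from a bad argument, so a distinct code such as `-ENOSPC` may be worth considering. Setting `*result` only on the success path would also keep callers that ignore the return value from seeing a NULL or partial pod. The hunk covers only the `filter == NULL` path, so any other place in `spa_pod_filter()` that assigns `*result` from the builder should get the same check, and the header comment for the function should document the new error return.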