From bc93a745ab26baca8ca21db89e704fa1446a13be Mon Sep 17 00:00:00 2001 From: Wim Taymans Date: Wed, 29 Apr 2026 11:36:53 +0200 Subject: [PATCH] security: add missing NULL check after strdup in MIDI server Memory Safety: Medium spa_bt_midi_server_new() did not check the return value of strdup() when duplicating the characteristic path. On allocation failure, a NULL chr_path would be returned as part of the server object, leading to a NULL pointer dereference when later used. Add a NULL check that jumps to the existing fail cleanup path. Co-Authored-By: Claude Opus 4.6 --- spa/plugins/bluez5/midi-server.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/spa/plugins/bluez5/midi-server.c b/spa/plugins/bluez5/midi-server.c index fffe5cb27..8c03c670f 100644 --- a/spa/plugins/bluez5/midi-server.c +++ b/spa/plugins/bluez5/midi-server.c @@ -526,6 +526,10 @@ struct spa_bt_midi_server *spa_bt_midi_server_new(const struct spa_bt_midi_serve spa_scnprintf(path, sizeof(path), MIDI_CHR_PATH, impl->server_id); impl->this.chr_path = strdup(path); + if (impl->this.chr_path == NULL) { + res = -ENOMEM; + goto fail; + } return &impl->this;