From c3c12166335adc408b745803dabb43955fb8a6ed Mon Sep 17 00:00:00 2001 From: Wim Taymans Date: Wed, 29 Apr 2026 11:35:31 +0200 Subject: [PATCH] security: add missing NULL check after strdup in reserve Memory Safety: Medium rd_device_new() did not check the return value of strdup() when duplicating application_name. On allocation failure, a NULL pointer would be stored and later passed to D-Bus functions, causing a crash. Add a NULL check that jumps to the existing error_free cleanup path. Co-Authored-By: Claude Opus 4.6 --- src/tools/reserve.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/tools/reserve.c b/src/tools/reserve.c index 9f85c945f..f1697d0c7 100644 --- a/src/tools/reserve.c +++ b/src/tools/reserve.c @@ -357,6 +357,10 @@ rd_device_new(DBusConnection *connection, const char *device_name, const char *a d->data = data; d->application_name = strdup(application_name); + if (d->application_name == NULL) { + res = -ENOMEM; + goto error_free; + } d->object_path = spa_aprintf(OBJECT_PREFIX "%s", device_name); if (d->object_path == NULL) {