mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-05-02 06:46:36 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

security: fix module leak on OOM in PulseAudio do_load_module

Browse source 
If module_create succeeded but the subsequent calloc for
pending_module failed, the module was leaked in the modules map.
Move the calloc before module_create so failure cleanup is trivial.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Wim Taymans 2026-04-29 17:13:56 +02:00
parent 2d8dc8b457
commit f32295429f
1 changed files with 6 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/modules/module-protocol-pulse/pulse-server.c
View file

@ -5162,14 +5162,16 @@ static int do_load_module(struct client *client, uint32_t command, uint32_t tag,
pw_log_info("[%s] %s name:%s argument:%s",
client->name, commands[command].name, name, argument);
module = module_create(impl, name, argument);
if (module == NULL)
return -errno;
pm = calloc(1, sizeof(*pm));
if (pm == NULL)
return -errno;
module = module_create(impl, name, argument);
if (module == NULL) {
free(pm);
return -errno;
}
pm->tag = tag;
pm->client = client;
pm->module = module;