From f32295429f49a4a358659def9ee08671ff5f75fc Mon Sep 17 00:00:00 2001
From: Wim Taymans <wtaymans@redhat.com>
Date: Wed, 29 Apr 2026 17:13:56 +0200
Subject: [PATCH] security: fix module leak on OOM in PulseAudio do_load_module

If module_create succeeded but the subsequent calloc for
pending_module failed, the module was leaked in the modules map.
Move the calloc before module_create so failure cleanup is trivial.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 src/modules/module-protocol-pulse/pulse-server.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/modules/module-protocol-pulse/pulse-server.c b/src/modules/module-protocol-pulse/pulse-server.c
index 23dd9a363..1973d3bec 100644
--- a/src/modules/module-protocol-pulse/pulse-server.c
+++ b/src/modules/module-protocol-pulse/pulse-server.c
@@ -5162,14 +5162,16 @@ static int do_load_module(struct client *client, uint32_t command, uint32_t tag,
 	pw_log_info("[%s] %s name:%s argument:%s",
 			client->name, commands[command].name, name, argument);
 
-	module = module_create(impl, name, argument);
-	if (module == NULL)
-		return -errno;
-
 	pm = calloc(1, sizeof(*pm));
 	if (pm == NULL)
 		return -errno;
 
+	module = module_create(impl, name, argument);
+	if (module == NULL) {
+		free(pm);
+		return -errno;
+	}
+
 	pm->tag = tag;
 	pm->client = client;
 	pm->module = module;