From 411c087095e1cb8e9d3ef5b1c850a98b81f7fa44 Mon Sep 17 00:00:00 2001
From: "Igor V. Kovalenko" <igor.v.kovalenko@gmail.com>
Date: Tue, 1 Jun 2021 20:27:03 +0300
Subject: [PATCH] alsa-mixer: prevent double-free on decibel fixes object key

When decibel fixes object is cloned, there is only a shallow copy of `key`
string member of original object. This may lead to double-free crash reported in
pipewire tracker https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/1125

Fix this by doing a deep copy of `key` string to maintain correct ownership.

Part-of: <https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/merge_requests/569>
---
 src/modules/alsa/alsa-mixer.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/modules/alsa/alsa-mixer.c b/src/modules/alsa/alsa-mixer.c
index c29ab966c..7b755ce97 100644
--- a/src/modules/alsa/alsa-mixer.c
+++ b/src/modules/alsa/alsa-mixer.c
@@ -3571,6 +3571,7 @@ finish:
                      * object. */
                     e->db_fix = pa_xnewdup(pa_alsa_decibel_fix, db_fix, 1);
                     e->db_fix->profile_set = NULL;
+                    e->db_fix->key = pa_xstrdup(db_fix->key);
                     e->db_fix->name = pa_xstrdup(db_fix->name);
                     e->db_fix->db_values = pa_xmemdup(db_fix->db_values, (db_fix->max_step - db_fix->min_step + 1) * sizeof(long));
                 }