projects / platform / upstream / pulseaudio.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3a1affa)
alsa-mixer: prevent double-free on decibel fixes object key
authorIgor V. Kovalenko <igor.v.kovalenko@gmail.com>
Tue, 1 Jun 2021 17:27:03 +0000 (20:27 +0300)
committerIgor V. Kovalenko <igor.v.kovalenko@gmail.com>
Tue, 1 Jun 2021 17:34:54 +0000 (20:34 +0300)
When decibel fixes object is cloned, there is only a shallow copy of `key`
string member of original object. This may lead to double-free crash reported in
pipewire tracker https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/1125

Fix this by doing a deep copy of `key` string to maintain correct ownership.

Part-of: <https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/merge_requests/569>

src/modules/alsa/alsa-mixer.c patch | blob | history

diff --git a/src/modules/alsa/alsa-mixer.c b/src/modules/alsa/alsa-mixer.c
index c29ab96..7b755ce 100644 (file)
--- a/src/modules/alsa/alsa-mixer.c
+++ b/src/modules/alsa/alsa-mixer.c
@@ -3571,6 +3571,7 @@ finish:
                      * object. */
                     e->db_fix = pa_xnewdup(pa_alsa_decibel_fix, db_fix, 1);
                     e->db_fix->profile_set = NULL;
+                    e->db_fix->key = pa_xstrdup(db_fix->key);
                     e->db_fix->name = pa_xstrdup(db_fix->name);
                     e->db_fix->db_values = pa_xmemdup(db_fix->db_values, (db_fix->max_step - db_fix->min_step + 1) * sizeof(long));
                 }
Domain: Multimedia / Audio FW;