Lipasto

Commit: 52336ad64548edfddf18c20bd1a58b3c07bf5a4b
Parent: 9672cf410f8bf5445df98b221f24c035664fec11
Author: Bastien Nocera <hadess@hadess.net>
Committer: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: 2024-05-16 23:37:02
Tree: 5d052c0d2de4c428530d7539c8c48c469c17e1d0

shared/bap: Fix possible use-after-free stream_set_state() might call bap_stream_detach() if the stream is in the process of being detached, causing a use-after-free. Return false from stream_set_state() if the stream is unsafe to manipulate (ie. was in the process of being detached and freed). Error: USE_AFTER_FREE (CWE-416): [#def37] [important] src/shared/bap.c:2490:2: freed_arg: "stream_set_state" frees "stream". src/shared/bap.c:2493:2: deref_after_free: Dereferencing freed pointer "stream". 2491| 2492| /* Sink can autonomously for to Streaming state if io already exits */ 2493|-> if (stream->io && stream->ep->dir == BT_BAP_SINK) 2494| stream_set_state(stream, BT_BAP_STREAM_STATE_STREAMING); 2495|

Diffstat

src/shared/bap.c

++++++- - -

1 files changed, 6 insertions(+), 3 deletions(-)

View Full Diff | Patch