On Thu, 2016-08-18 at 18:17 +0200, Peter Meerwald-Stadler wrote:
> if data->source is NULL, pa_source_output_new_data_set_source() may
> fail to set data->source;
> the false retval is ignored, leading to a NULL dereference in
> pa_source_get_state(data->source) below
>
> CID 1323590
> ---
>  src/pulsecore/source-output.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/src/pulsecore/source-output.c b/src/pulsecore/source-
> output.c
> index 35ef1c5..d6a1d57 100644
> --- a/src/pulsecore/source-output.c
> +++ b/src/pulsecore/source-output.c
> @@ -271,7 +271,8 @@ int pa_source_output_new(
>              pa_return_val_if_fail(source, -PA_ERR_NOENTITY);
>          }
>  
> -        pa_source_output_new_data_set_source(data, source, false);
> +        if (!pa_source_output_new_data_set_source(data, source, false))
> +            return -PA_ERR_NOTSUPPORTED;

The function can fail only if the source doesn't support the requested
formats, and we already have code that returns -PA_ERR_NOTSUPPORTED if
the format negotiation fails, with nice log messages that don't
necessarily get printed after this patch.

The only way how the NULL dereferencing could happen is if something
sets data->format, but doesn't set data->source. That would be a bug,
because the format can only be negotiated when the source is known. I
think we can just add pa_assert(data->source) before the pointer is
dereferenced to make Coverity happy.

--
Tanu
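
Review bot: the new early return in pa_source_output_new() exits with -PA_ERR_NOTSUPPORTED without logging anything, so a caller gets an error code with no indication that it came from pa_source_output_new_data_set_source() rather than from a later check. If the return-value check stays, add a log message before the return that names the source and the reason. The commit message describes the defect as a NULL data->source reaching pa_source_get_state(data->source), so a guard placed directly before that call would state the invariant at the point of use and would still hold if other code is later added between the setter and the dereference.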