Review Request 127840: phonon: Avoid use-after-free after enumerating pulseaudio devices

Michael Pyne mpyne at
Wed Jun 8 14:12:14 BST 2016

This is an automatically generated e-mail. To reply, visit:

(Updated June 8, 2016, 3:12 p.m.)


This change has been marked as submitted.

Review request for Phonon.


Submitted with commit 62d3f5555c356883e23f0ab70d1c56ea5aa4cfd0 by Harald Sitter to branch 4.9.

Repository: phonon


Coverity notes (CID 1336170) there's a potential use-after-free in the PulseAudio support code (pulsesupport.cpp:472 uses `u`, which may have been deleted at pulsesupport.cpp:408 if this was the last time the callback needed to be run).

Since there are some interesting git commits trying to troubleshoot corruption of the data being used at :472 (e.g. 23954b3c2ba3401f6c9843eb0490d7cc26598395, 71e136457c3a609b4af86de083d2dbb44a858f84 investigating a crash followed by 2671a170bef5196d55649a26a9cd5e108acb931b removing some of the extra asserts), I'm assuming this has actually happened at least some of the time.

The problem with fixing is that the lifetime of the `userdata` must be dynamic since (from what I can tell), the callback can be called multiple times. So as long as the `info` block is filled in before the very last callback is made, things would seem to work fine and there's no problem using `u`.

The fix is as simple as delaying the delete call to just before the function return once you're past the `if (eol)` block. Since there are multiple return points I opted to make a very simple scope guard class that should do the right thing without needing multiple levels of indirection. But it wouldn't be hard just to manually delete in the right spots either and remove the existing `delete u`.


  phonon/pulsesupport.cpp 6594c61 



I don't actually have PulseAudio so to be honest I'm not even sure if this compiles...


Michael Pyne

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
kde-multimedia mailing list
kde-multimedia at

More information about the kde-multimedia mailing list