** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pulseaudio in Ubuntu. https://bugs.launchpad.net/bugs/1884738
Title: Pulseaudio in Ubuntu 16.04 contains a potential double-free bug in Bluez 5 module Status in pulseaudio package in Ubuntu: Fix Released Bug description: I've found a potential double-free bug in Ubuntu's SCO-over-PCM patch in PA. It creates code paths in pa__init() that will free the modargs twice in its failure handler and in pa__done() called from that handler. However, I can't find a way to trigger this with the current version of the code, as the failure mode of the code is pretty small. The way this bug surface is when I tried to fix the "profile" option in Pulseaudio for UBports' Ubuntu Touch, where I made it failed if the requested profile isn't supported, thus creating a failure mode that can trigger this. Side note: are you interested in this patch? The profile option in Xenial is currently not working, but I guess nothing in Ubuntu uses it. I've attached the patch which should fix the bug. I'm not sure if it worths SRU or not, so it's up to you. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1884738/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
