claunia/flac
1
0
Fork 0
mirror of https://github.com/claunia/flac.git synced 2025-12-16 18:54:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

stream_decoder.c : Fix free-ing of unitilialized pointer.

Browse Source 
Found using afl (http://lcamtuf.coredump.cx/afl/).
This commit is contained in:
Erik de Castro Lopo
2014-12-11 20:40:37 +11:00
parent b4b2910bdc
commit 18a4854510
1 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/libFLAC/stream_decoder.c
View File

@@ -1742,6 +1742,10 @@ FLAC__bool read_metadata_vorbiscomment_(FLAC__StreamDecoder *decoder, FLAC__Stre
return false;
}
for (i = 0; i < obj->num_comments; i++) {
/* Initialize here just to make sure. */
obj->comments[i].length = 0;
obj->comments[i].entry = 0;
FLAC__ASSERT(FLAC__STREAM_METADATA_VORBIS_COMMENT_ENTRY_LENGTH_LEN == 32);
if (length < 4) {
obj->num_comments = i;
@@ -1753,8 +1757,6 @@ FLAC__bool read_metadata_vorbiscomment_(FLAC__StreamDecoder *decoder, FLAC__Stre
return false; /* read_callback_ sets the state for us */
if (obj->comments[i].length > 0) {
if (length < obj->comments[i].length) {
obj->comments[i].length = 0;
obj->comments[i].entry = 0;
obj->num_comments = i;
goto skip;
}
@@ -1764,8 +1766,11 @@ FLAC__bool read_metadata_vorbiscomment_(FLAC__StreamDecoder *decoder, FLAC__Stre
decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR;
return false;
}
if (!FLAC__bitreader_read_byte_block_aligned_no_crc(decoder->private_->input, obj->comments[i].entry, obj->comments[i].length))
return false; /* read_callback_ sets the state for us */
memset (obj->comments[i].entry, 0, obj->comments[i].length) ;
if (!FLAC__bitreader_read_byte_block_aligned_no_crc(decoder->private_->input, obj->comments[i].entry, obj->comments[i].length)) {
obj->num_comments = i;
goto skip;
}
obj->comments[i].entry[obj->comments[i].length] = '\0';
}
else