libcdio-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Libcdio-devel] libcdio-1.1.0 - fix double free error

From: Chris Clayton
Subject: [Libcdio-devel] libcdio-1.1.0 - fix double free error
Date: Fri, 22 Dec 2017 18:59:52 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2 
e9340644362825a2133a8a784d1240edeb65df86 changed cdtext_destroy() by adding a 
call to free() to release the memory used
by the cdtext_t argument. However, when cdtext_destroy() is called by 
get_cd_generic(), the latter then attempts to free
the cdtext_t again, resulting in an double-free error in glibc. (In turn, that 
means that it is impossible to play audio
cds with the audacious media player.) The patch below fixes this.

--- libcdio-1.1.0/lib/driver/_cdio_generic.c.orig       2017-12-08 
19:42:57.000000000 +0000
+++ libcdio-1.1.0/lib/driver/_cdio_generic.c    2017-12-22 18:47:29.303972609 
+0000
@@ -297,7 +297,6 @@ get_cdtext_generic (void *p_user_data)
       if(len <= 0 || 0 != cdtext_data_init (p_env->cdtext, &p_cdtext_data[4], 
len)) {
         p_env->b_cdtext_error = true;
         cdtext_destroy (p_env->cdtext);
-        free(p_env->cdtext);
         p_env->cdtext = NULL;
       }

Hope this helps and thanks for your work on libcdio.

Chris
reply via email to
[Prev in Thread] Current Thread [Next in Thread]