When safe_realloc_add_2op_(utfbuf, ...) is called with an invalid size and returns 0, set utfbuf to 0 to avoid second deallocation later in the function. --- src/share/utf8/iconvert.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/share/utf8/iconvert.c b/src/share/utf8/iconvert.c index 472ca876..03068ac9 100644 --- a/src/share/utf8/iconvert.c +++ b/src/share/utf8/iconvert.c @@ -150,8 +150,10 @@ int iconvert(const char *fromcode, const char *tocode, return ret; } newbuf = safe_realloc_add_2op_(utfbuf, (ob - utfbuf), /*+*/1); - if (!newbuf) + if (!newbuf) { + utfbuf = 0; goto fail; + } ob = (ob - utfbuf) + newbuf; *ob = '\0'; *to = newbuf; -- 2.17.1 _______________________________________________ flac-dev mailing list flac-dev@xiph.org http://lists.xiph.org/mailman/listinfo/flac-dev