vlc | branch: master | Filip Roséen <[email protected]> | Thu Mar 2 17:40:23 2017 +0100| [ba4699385f30536c6531273c5fb1812025cda615] | committer: Jean-Baptiste Kempf
demux/subtitle: TextLoad + TextUnload: prevent double-free There is a relationship between the value of txt->i_line_count and txt->line stating that the value of txt->line is undefined if txt->i_line_count is zero. As the above might seem simple enough, it leads to a case of double-free if one does not pay attention and check the value of txt->i_line_count prior to working with txt->line; as in TextUnload. These changes make sure that we do not read from txt->line unless we know that it is safe. Signed-off-by: Jean-Baptiste Kempf <[email protected]> > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=ba4699385f30536c6531273c5fb1812025cda615 --- modules/demux/subtitle.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/modules/demux/subtitle.c b/modules/demux/subtitle.c index ff3a64d..7e7d6f5 100644 --- a/modules/demux/subtitle.c +++ b/modules/demux/subtitle.c @@ -841,11 +841,12 @@ static int TextLoad( text_t *txt, stream_t *s ) } static void TextUnload( text_t *txt ) { - for( size_t i = 0; i < txt->i_line_count; i++ ) + if( txt->i_line_count ) { - free( txt->line[i] ); + for( size_t i = 0; i < txt->i_line_count; i++ ) + free( txt->line[i] ); + free( txt->line ); } - free( txt->line ); txt->i_line = 0; txt->i_line_count = 0; }
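Review bot: In TextUnload, txt->line is left dangling after `free( txt->line );`, so the fix depends entirely on txt->i_line_count being reset to 0 and on every other reader checking the count first. Adding `txt->line = NULL;` next to `txt->i_line = 0;` would turn any later unchecked use into a NULL dereference or a no-op free rather than a use-after-free or a second free. The invariant stated in the commit message (txt->line is undefined when txt->i_line_count is zero) also deserves a comment above TextUnload or at the text_t definition, because the new `if( txt->i_line_count )` guard otherwise reads as redundant with the loop condition and is easy to remove in a later cleanup. The subject line names TextLoad as well, but the diffstat and this hunk change only TextUnload.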
