Mercurial > audlegacy-plugins
changeset 2471:6039012d8252
Certain piece of allocated memory was free'd before we were done with it,
causing mayhem of accessing (read only, tho) of unassigned memory. Fixed,
should close bugzilla #199.
| author | Matti Hamalainen <ccr@tnsp.org> |
|---|---|
| date | Sat, 29 Mar 2008 12:52:18 +0200 |
| parents | 2848669e63a4 |
| children | 999098953bcd |
| files | src/madplug/input.c |
| diffstat | 1 files changed, 15 insertions(+), 17 deletions(-) [+] |
line wrap: on
line diff
--- a/src/madplug/input.c Sat Mar 29 12:14:17 2008 +0200 +++ b/src/madplug/input.c Sat Mar 29 12:52:18 2008 +0200 @@ -199,17 +199,16 @@ *(tmp + tmp_len) = 0; //terminate ptr += tmp_len; + /* id3_genre_name may, in some cases, return the given string + * so we must free it after we're done, not before. + */ genre = (id3_ucs4_t *)id3_genre_name((const id3_ucs4_t *)tmp); + tmp_len = mad_ucs4len(genre); + memcpy(ret + ret_len, genre, BYTES(tmp_len)); + ret_len += tmp_len; + *(ret + ret_len) = 0; //terminate g_free(tmp); - tmp = NULL; - - if (genre) { - tmp_len = mad_ucs4len(genre); - memcpy(ret + ret_len, genre, BYTES(tmp_len)); - ret_len += tmp_len; - } - *(ret + ret_len) = 0; //terminate } } else { @@ -235,18 +234,17 @@ *(tmp + tmp_len) = 0; //terminate ptr += tmp_len; + /* id3_genre_name may, in some cases, return the given string + * so we must free it after we're done, not before. + */ genre = (id3_ucs4_t *)id3_genre_name((const id3_ucs4_t *)tmp); AUDDBG("genre length = %d\n", mad_ucs4len(genre)); - + + tmp_len = mad_ucs4len(genre); + memcpy(ret + ret_len, genre, BYTES(tmp_len)); + ret_len += tmp_len; + *(ret + ret_len) = 0; //terminate g_free(tmp); - tmp = NULL; - - if (genre) { - tmp_len = mad_ucs4len(genre); - memcpy(ret + ret_len, genre, BYTES(tmp_len)); - ret_len += tmp_len; - } - *(ret + ret_len) = 0; //terminate } else { // plain text tmp_len = end - ptr;