# HG changeset patch
# User erik
# Date 1296431049 0
# Node ID 46c05a21451102bc0f9bb1c04d8954c53b4ef8fe
# Parent  3bc84128397215cd4569c46322e75f7c435c22a5
Inhibit double free of parental management information

If reading the country data fails the point to the parental
management information is not nulled out. So it is possible for
the same structure to be freed twice. To inhibit this whenever
the country data read fails the structure pointer is assigned
null. Patch submitted by Frederic Marchal, fmarchal at
perso dot be. Thanks for being patient and reworking the patch
when requested.

diff -r 3bc841283972 -r 46c05a214511 ifo_read.c
--- a/ifo_read.c	Sat Sep 11 15:15:43 2010 +0000
+++ b/ifo_read.c	Sun Jan 30 23:44:09 2011 +0000
@@ -1325,6 +1325,9 @@
     ifofile->ptl_mait = 0;
     return 0;
   }
+  for(i = 0; i < ptl_mait->nr_of_countries; i++) {
+    ptl_mait->countries[i].pf_ptl_mai = NULL;
+  }
 
   for(i = 0; i < ptl_mait->nr_of_countries; i++) {
     if(!(DVDReadBytes(ifofile->file, &ptl_mait->countries[i], PTL_MAIT_COUNTRY_SIZE))) {
@@ -1357,18 +1360,21 @@
       fprintf(stderr, "libdvdread: Unable to seek PTL_MAIT table.\n");
       free(ptl_mait->countries);
       free(ptl_mait);
+      ifofile->ptl_mait = NULL;
       return 0;
     }
     info_length = (ptl_mait->nr_of_vtss + 1) * sizeof(pf_level_t);
     pf_temp = (uint16_t *)malloc(info_length);
     if(!pf_temp) {
       free_ptl_mait(ptl_mait, i);
+      ifofile->ptl_mait = NULL;
       return 0;
     }
     if(!(DVDReadBytes(ifofile->file, pf_temp, info_length))) {
       fprintf(stderr, "libdvdread: Unable to read PTL_MAIT table.\n");
       free(pf_temp);
       free_ptl_mait(ptl_mait, i);
+      ifofile->ptl_mait = NULL;
       return 0;
     }
     for (j = 0; j < ((ptl_mait->nr_of_vtss + 1) * 8); j++) {
@@ -1378,6 +1384,7 @@
     if(!ptl_mait->countries[i].pf_ptl_mai) {
       free(pf_temp);
       free_ptl_mait(ptl_mait, i);
+      ifofile->ptl_mait = NULL;
       return 0;
     }
     { /* Transpose the array so we can use C indexing. */