[DVDnav-discuss] [PATCH] libdvdread: Fix crash when PTT is too short
Frédéric Marchal
fmarchal at perso.be
Mon Jul 11 06:11:27 CEST 2011
On Monday 11 July 2011 00:09:00 Erik Hovland wrote:
> >> diff --git a/src/ifo_read.c b/src/ifo_read.c
> >> index 4a422c6..fc5b39b 100644
> >> --- a/src/ifo_read.c
> >> +++ b/src/ifo_read.c
> >> @@ -1177,8 +1177,7 @@ int ifoRead_VTS_PTT_SRPT(ifo_handle_t *ifofile) {
> >>
> >> info_length = vts_ptt_srpt->last_byte + 1 - VTS_PTT_SRPT_SIZE;
> >>
> >> - data = (uint32_t *)malloc(info_length);
> >> - if(!data) {
> >> + if(!(data = malloc(info_length))) {
> >
> > Personally I prefer not to merge the lines, I think it makes the code
> > harder to read, but that's not important..
>
> Fine w/ me. I fixed the other malloc to not have the cast as well.
>
> > Probably not this way though.
> > If you initialize data and vts_ptt_srpt to NULL
> > you only need
> >
> >> err_out:
> >> free(data);
> >> ifofile->vts_ptt_srpt = 0;
> >> free(vts_ptt_srpt);
> >> return 0;
>
> New patch does it the way you suggest.
Isn't it necessary to free vts_ptt_srpt->title too to avoid a memory leak?
And, if it does, make sure to initialize it to NULL just after the malloc of
vts_ptt_srpt so that an invalid pointer doesn't get freed if the goto is
called before vts_ptt_srpt->title is allocated (for instance if DVDReadBytes
fails or data cannot be allocated).
Frederic
More information about the DVDnav-discuss
mailing list