Skip to content

V
vlc
Commit 6dc3844a authored by Rémi Denis-Courmont's avatar Rémi Denis-Courmont
Browse files
Options

Zero tab entries when you allocate them 

Fix unitialized pointer usages (possibly exploitable).
(cherry picked from commit 6d3c22f2)
parent 4f26e725
Hide whitespace changes
Inline Side-by-side
Showing with 14 additions and 17 deletions
modules/demux/playlist/xspf.c
View file @ 6dc3844a
......@@ -498,25 +498,22 @@ static bool parse_track_node COMPLEX_INTERFACE
if( !strcmp( psz_name, psz_element ) )
{
FREE_ATT();
if( p_demux->p_sys->i_identifier <
p_demux->p_sys->i_tracklist_entries )
if( p_demux->p_sys->i_identifier >=
p_demux->p_sys->i_tracklist_entries )
{
p_demux->p_sys->pp_tracklist[
p_demux->p_sys->i_identifier ] = p_new_input;
}
else
{
if( p_demux->p_sys->i_identifier >
p_demux->p_sys->i_tracklist_entries )
{
p_demux->p_sys->i_tracklist_entries =
p_demux->p_sys->i_identifier;
}
INSERT_ELEM( p_demux->p_sys->pp_tracklist,
p_demux->p_sys->i_tracklist_entries,
p_demux->p_sys->i_tracklist_entries,
p_new_input );
input_item_t **pp;
pp = realloc( p_demux->p_sys->pp_tracklist,
(p_demux->p_sys->i_identifier + 1) * sizeof(*pp) );
if( !pp )
return false;
p_demux->p_sys->pp_tracklist = pp;
while( p_demux->p_sys->i_identifier >=
p_demux->p_sys->i_tracklist_entries )
pp[p_demux->p_sys->i_tracklist_entries++] = NULL;
}
p_demux->p_sys->pp_tracklist[
p_demux->p_sys->i_identifier ] = p_new_input;
return true;
}
/* there MUST have been a start tag for that element name */
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment