Bug #5410
Crash in src/descrambler/descrambler.c:1285
0%
Description
free() in line src/descrambler/descrambler.c:1285 will be called if des->last_data is NULL.
Files
History
Updated by Jerome Jerome almost 6 years ago
Updated by FIX:
--- src/descrambler/descrambler.c.orig 2018-12-06 20:09:19.754402210 0100
++ src/descrambler/descrambler.c 2018-12-09 21:35:53.211691464 0100@ -1282,7 +1282,8 @
}
if (des->last_data == NULL || len != des->last_data_len ||
memcmp(des->last_data, ptr, len)) {
- free(des->last_data);
if (des->last_data)
+ free(des->last_data);
des->last_data = malloc(len);
if (des->last_data) {
memcpy(des->last_data, ptr, len);
Updated by
Updated by Joe User almost 6 years ago
Updated by I do not think it affects any platforms for which tvheadend is built.
[[https://stackoverflow.com/questions/1938735/does-freeptr-where-ptr-is-null-corrupt-memory]]
Updated by Luis Alves almost 6 years ago
Updated by Why not:
diff --git a/src/descrambler/descrambler.c b/src/descrambler/descrambler.c
index 63b70b205..9b06bf6c1 100644
--- a/src/descrambler/descrambler.c
+++ b/src/descrambler/descrambler.c
@@ -1282,8 +1282,7 @@ descrambler_table_callback
}
if (des->last_data == NULL || len != des->last_data_len ||
memcmp(des->last_data, ptr, len)) {
- free(des->last_data);
- des->last_data = malloc(len);
+ des->last_data = realloc(des->last_data, len);
if (des->last_data) {
memcpy(des->last_data, ptr, len);
des->last_data_len = len;
Updated by