Bug #5410
Crash in src/descrambler/descrambler.c:1285
0%
Description
free() in line src/descrambler/descrambler.c:1285 will be called if des->last_data is NULL.
Files
History
Updated by Jerome Jerome about 6 years ago
FIX:
--- src/descrambler/descrambler.c.orig 2018-12-06 20:09:19.754402210 0100
++ src/descrambler/descrambler.c 2018-12-09 21:35:53.211691464 0100@ -1282,7 +1282,8
@
}
if (des->last_data == NULL || len != des->last_data_len ||
memcmp(des->last_data, ptr, len)) {
- free(des->last_data);
if (des->last_data)
+ free(des->last_data);
des->last_data = malloc(len);
if (des->last_data) {
memcpy(des->last_data, ptr, len);
Updated by Joe User about 6 years ago
I do not think it affects any platforms for which tvheadend is built.
[[https://stackoverflow.com/questions/1938735/does-freeptr-where-ptr-is-null-corrupt-memory]]
Updated by Luis Alves about 6 years ago
Why not:
diff --git a/src/descrambler/descrambler.c b/src/descrambler/descrambler.c index 63b70b205..9b06bf6c1 100644 --- a/src/descrambler/descrambler.c +++ b/src/descrambler/descrambler.c @@ -1282,8 +1282,7 @@ descrambler_table_callback } if (des->last_data == NULL || len != des->last_data_len || memcmp(des->last_data, ptr, len)) { - free(des->last_data); - des->last_data = malloc(len); + des->last_data = realloc(des->last_data, len); if (des->last_data) { memcpy(des->last_data, ptr, len); des->last_data_len = len;