Bug #5410
closed
Crash in src/descrambler/descrambler.c:1285
Added by Jerome Jerome over 6 years ago.
Updated over 6 years ago.
Description
free() in line src/descrambler/descrambler.c:1285 will be called if des->last_data is NULL.
Files
FIX:
--- src/descrambler/descrambler.c.orig 2018-12-06 20:09:19.754402210 0100
++ src/descrambler/descrambler.c 2018-12-09 21:35:53.211691464 0100
@ -1282,7 +1282,8 @
}
if (des->last_data == NULL || len != des->last_data_len ||
memcmp(des->last_data, ptr, len)) {
- free(des->last_data);
if (des->last_data)
+ free(des->last_data);
des->last_data = malloc(len);
if (des->last_data) {
memcpy(des->last_data, ptr, len);
Why not:
diff --git a/src/descrambler/descrambler.c b/src/descrambler/descrambler.c
index 63b70b205..9b06bf6c1 100644
--- a/src/descrambler/descrambler.c
+++ b/src/descrambler/descrambler.c
@@ -1282,8 +1282,7 @@ descrambler_table_callback
}
if (des->last_data == NULL || len != des->last_data_len ||
memcmp(des->last_data, ptr, len)) {
- free(des->last_data);
- des->last_data = malloc(len);
+ des->last_data = realloc(des->last_data, len);
if (des->last_data) {
memcpy(des->last_data, ptr, len);
des->last_data_len = len;
- Status changed from New to Invalid
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by 
Updated by