GNOME Bugzilla – Bug 510592
Race condition in WAVE parser
Last modified: 2008-01-19 14:53:37 UTC
Hi, I tried a fuzzer on GStreamer to find bugs, and I found some bugs :-) Here is my first fix: set header to NULL after g_free() in gst_wavparse_stream_headers() since it's re-freed later (e.g. no_channels label). See attached patch.
Created attachment 103193 [details] [review] Fix reported bug
Thanks, committed. There actually was no way to get a double free (the only points where this label is used are before the free) but there was a usage of the variable after free (invalid_blockalign label). Thanks for spotting.

2008-01-19 Sebastian Dröge <slomo@circular-chaos.org>

Based on a patch by: Victor STINNER <victor dot stinner at haypocalc dot com>

* gst/wavparse/gstwavparse.c: (gst_wavparse_stream_headers):
Set variable to NULL after freeing it to prevent double frees or make failures by another use of it afterwards more obvious and fix use of it after the freeing.
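An added C illustration of the pattern discussed in this bug, not GStreamer's code: a simplified header parser with goto-style error labels, where the pointer is set to NULL right after the free and the invalid_blockalign label reports the copied value instead of dereferencing the freed header. The struct layout, the 4-byte constructed input format and all names besides the label names are assumptions; plain free() stands in for g_free().

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Simplified stand-ins for the fmt chunk and parser state; not GStreamer's own structs. */
typedef struct { uint16_t channels; uint16_t blockalign; } FmtHeader;
typedef struct { uint16_t channels; uint16_t blockalign; char errmsg[64]; } WavState;
/* Constructed layout: channels (2 bytes LE), blockalign (2 bytes LE). */
static FmtHeader *read_fmt(const uint8_t *buf, size_t len)
{
    if (len < 4) return NULL;
    FmtHeader *h = malloc(sizeof *h);
    if (!h) return NULL;
    h->channels = (uint16_t)(buf[0] | buf[1] << 8);
    h->blockalign = (uint16_t)(buf[2] | buf[3] << 8);
    return h;
}
/* Goto-label error handling in the style of gst_wavparse_stream_headers(); 0 on success, -1 on error. */
int stream_headers(WavState *wav, const uint8_t *buf, size_t len)
{
    FmtHeader *header = read_fmt(buf, len);
    if (!header) goto no_fmt;
    if (header->channels == 0) goto no_channels;  /* header is still live here */
    wav->channels = header->channels;
    wav->blockalign = header->blockalign;
    free(header);   /* stands in for g_free(header) */
    header = NULL;  /* the fix: any later dereference or free now fails loudly instead of silently */
    /* This check runs after the free, so its label must not touch header. */
    if (wav->blockalign == 0) goto invalid_blockalign;
    return 0;
no_fmt:
    snprintf(wav->errmsg, sizeof wav->errmsg, "no fmt chunk");
    return -1;
no_channels:
    snprintf(wav->errmsg, sizeof wav->errmsg, "stream claims %u channels", (unsigned)header->channels);
    free(header);   /* only reachable before the free above, so this is the single free */
    return -1;
invalid_blockalign:
    /* Before the fix this read header->blockalign (use after free); report the copied value instead. */
    snprintf(wav->errmsg, sizeof wav->errmsg, "invalid blockalign %u", (unsigned)wav->blockalign);
    return -1;
}
/* Constructed inputs exercising each path; each returns 1 when the path behaved as expected. */
int demo_valid(void) { WavState w = {0}; uint8_t b[4] = {2, 0, 4, 0};
    return stream_headers(&w, b, 4) == 0 && w.channels == 2 && w.blockalign == 4; }
int demo_no_channels(void) { WavState w = {0}; uint8_t b[4] = {0, 0, 4, 0};
    return stream_headers(&w, b, 4) == -1 && strcmp(w.errmsg, "stream claims 0 channels") == 0; }
int demo_bad_blockalign(void) { WavState w = {0}; uint8_t b[4] = {2, 0, 0, 0};
    return stream_headers(&w, b, 4) == -1 && strcmp(w.errmsg, "invalid blockalign 0") == 0; }
```

Building with -fsanitize=address and then re-introducing a header dereference under invalid_blockalign shows why the NULL assignment helps: the fault becomes an immediate NULL read rather than a silent read of freed memory.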