ref: 72f4f8a6c2c38a135d714bfa2a0831493299aebd
parent: bd607f5c4791d8215092b5a0c92c07159ca0d85f
author: Timothy B. Terriberry <tterribe@xiph.org>
date: Sun Jul 3 15:03:18 EDT 2016
Fix free with uninitialized data in opus_tags_parse(). If the parsing fails before all comments are filled in, we will attempt to free any binary metadata at the position one past the last comment, which will be uninitialized. Introduced in commit 0221ca95fc58.
--- a/src/info.c
+++ b/src/info.c
@@ -199,6 +199,7 @@
if(_tags->user_comments[ci]==NULL)return OP_EFAULT;
_tags->comment_lengths[ci]=(int)count;
_tags->comments=ci+1;
+ _tags->user_comments[ci+1]=NULL;
}
_data+=count;
len-=count;