| Description: This fixes a use after free and double free if an empty comment |
| chunk follows a non-empty one. |
| Author: Mans Rullgard <mans@mansr.com> |
| Forwarded: not-needed |
| --- |
| src/aiff.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| Index: sox/src/aiff.c |
| =================================================================== |
| --- sox.orig/src/aiff.c |
| +++ sox/src/aiff.c |
| @@ -62,7 +62,6 @@ int lsx_aiffstartread(sox_format_t * ft) |
| size_t ssndsize = 0; |
| char *annotation; |
| char *author; |
| - char *comment = NULL; |
| char *copyright; |
| char *nametext; |
| |
| @@ -270,6 +269,7 @@ int lsx_aiffstartread(sox_format_t * ft) |
| free(annotation); |
| } |
| else if (strncmp(buf, "COMT", (size_t)4) == 0) { |
| + char *comment = NULL; |
| rc = commentChunk(&comment, "Comment:", ft); |
| if (rc) { |
| /* Fail already called in function */ |