mirrors
/
flac
mirror of https://github.com/xiph/flac
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Refind import cuesheet op after appending seekpoints (#677) 

This fixes a heap-use-after-free. The free was part of a realloc,
and the cuesheet op handle was still pointing to the old
allocation

Credit: Oss-Fuzz
Issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61292
This commit is contained in:
Martijn van Beurden 2024-03-06 16:56:09 +01:00 committed by GitHub
parent e7d336c7a2
commit 37ca81137a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/metaflac/options.c
View File

@ -251,8 +251,11 @@ FLAC__bool parse_options(int argc, char *argv[], CommandLineOptions *options)
Operation *op = find_shorthand_operation(options, OP__IMPORT_CUESHEET_FROM);
if(0 != op) {
Operation *op2 = find_shorthand_operation(options, OP__ADD_SEEKPOINT);
if(0 == op2)
if(0 == op2) {
op2 = append_shorthand_operation(options, OP__ADD_SEEKPOINT);
/* Need to re-find op, because the appending might have caused realloc */
op = find_shorthand_operation(options, OP__IMPORT_CUESHEET_FROM);
}
op->argument.import_cuesheet_from.add_seekpoint_link = &(op2->argument.add_seekpoint);
}
}