Commit 93f9aa59 by John Stebbins

dvdnav: fix invalid free in dvdnav_free_dup

When path was changed from char[] to char*, a free was added to dvdnav_free_dup, but the string was not copied in dvdnav_dup resulting in a double free.
parent 79354a06
......@@ -74,27 +74,40 @@ dvdnav_status_t dvdnav_dup(dvdnav_t **dest, dvdnav_t *src) {
(*dest) = NULL;
this = (dvdnav_t*)malloc(sizeof(dvdnav_t));
if(!this)
if (!this)
return DVDNAV_STATUS_ERR;
memcpy(this, src, sizeof(dvdnav_t));
this->file = NULL;
this->vm = NULL;
this->path = NULL;
this->cache = NULL;
pthread_mutex_init(&this->vm_lock, NULL);
this->vm = vm_new_copy(src->vm);
if(!this->vm) {
printerr("Error initialising the DVD VM.");
pthread_mutex_destroy(&this->vm_lock);
free(this);
return DVDNAV_STATUS_ERR;
}
if (!this->vm)
goto fail;
this->path = strdup(src->path);
if (!this->path)
goto fail;
/* Start the read-ahead cache. */
this->cache = dvdnav_read_cache_new(this);
if (!this->cache)
goto fail;
(*dest) = this;
return DVDNAV_STATUS_OK;
fail:
printerr("Error initialising the DVD VM.");
pthread_mutex_destroy(&this->vm_lock);
vm_free_vm(this->vm);
free(this->path);
free(this);
return DVDNAV_STATUS_ERR;
}
dvdnav_status_t dvdnav_free_dup(dvdnav_t *this) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment