[SCM] libgroove/upstream: fix memory corruption when replaygain scanning large album
andrewrk-guest at users.alioth.debian.org
andrewrk-guest at users.alioth.debian.org
Wed Apr 2 06:29:53 UTC 2014
The following commit has been merged in the upstream branch:
commit 09da6ed1f581dd06a481714d6a220c704df0fd21
Author: Andrew Kelley <superjoe30 at gmail.com>
Date: Mon Mar 17 09:19:43 2014 -0700
fix memory corruption when replaygain scanning large album
diff --git a/grooveloudness/loudness.c b/grooveloudness/loudness.c
index de30431..1f68411 100644
--- a/grooveloudness/loudness.c
+++ b/grooveloudness/loudness.c
@@ -82,12 +82,13 @@ static int emit_track_info(struct GrooveLoudnessDetectorPrivate *d) {
static int resize_state_history(struct GrooveLoudnessDetectorPrivate *d) {
int new_size = d->state_history_count * 2;
- d->all_track_states = realloc(d->all_track_states, new_size);
+ d->all_track_states = realloc(d->all_track_states, new_size * sizeof(ebur128_state *));
if (!d->all_track_states) {
av_log(NULL, AV_LOG_ERROR, "unable to reallocate state pointer array\n");
return -1;
}
- memset(d->all_track_states + d->state_history_count, 0, new_size - d->state_history_count);
+ int zero_count = new_size - d->state_history_count;
+ memset(d->all_track_states + d->state_history_count, 0, zero_count * sizeof(ebur128_state *));
d->state_history_count = new_size;
return 0;
}
--
libgroove packaging
More information about the pkg-multimedia-commits
mailing list