src/libFLAC/stream_decoder.c : Fix NULL de-reference.

NULL de-reference can really only happen on a malformed file. Found using afl (http://lcamtuf.coredump.cx/afl/).
author: Erik de Castro Lopo <erikd@mega-nerd.com> 2014-12-17 19:02:26 +1100
committer: Erik de Castro Lopo <erikd@mega-nerd.com> 2014-12-22 09:05:09 +1100
commit: 875be0ada54aa6cd24ef57a890f6f454399f4409 (patch)
tree: efe67ad0849d631f82aa437b3e412aacdccf1393 /src/libFLAC/stream_decoder.c
parent: 775eb934f77e72e91528d857b293b4ec8c9e5be5 (diff)
download: flac-875be0ada54aa6cd24ef57a890f6f454399f4409.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c
index d13b23b7..227a8fdd 100644
--- a/src/libFLAC/stream_decoder.c
+++ b/src/libFLAC/stream_decoder.c
@@ -1753,8 +1753,10 @@ FLAC__bool read_metadata_vorbiscomment_(FLAC__StreamDecoder *decoder, FLAC__Stre
 				}
 				else
 					length -= 4;
-				if (!FLAC__bitreader_read_uint32_little_endian(decoder->private_->input, &obj->comments[i].length))
+				if (!FLAC__bitreader_read_uint32_little_endian(decoder->private_->input, &obj->comments[i].length)) {
+					obj->num_comments = i;
 					return false; /* read_callback_ sets the state for us */
+				}
 				if (obj->comments[i].length > 0) {
 					if (length < obj->comments[i].length) {
 						obj->num_comments = i;
author	Erik de Castro Lopo <erikd@mega-nerd.com>	2014-12-17 19:02:26 +1100
committer	Erik de Castro Lopo <erikd@mega-nerd.com>	2014-12-22 09:05:09 +1100
commit	875be0ada54aa6cd24ef57a890f6f454399f4409 (patch)
tree	efe67ad0849d631f82aa437b3e412aacdccf1393 /src/libFLAC/stream_decoder.c
parent	775eb934f77e72e91528d857b293b4ec8c9e5be5 (diff)
download	flac-875be0ada54aa6cd24ef57a890f6f454399f4409.tar.gz