From 20695ef3691771dbbfb3d21b14b694c6b7e29eae Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Wed, 15 Aug 2012 23:57:38 +0200 Subject: playlist_song: fix user-after-free bug --- src/playlist_song.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/playlist_song.c b/src/playlist_song.c index 88ef1059d..ef5261c99 100644 --- a/src/playlist_song.c +++ b/src/playlist_song.c @@ -69,7 +69,6 @@ apply_song_metadata(struct song *dest, const struct song *src) } else { tmp = song_file_new(dest->uri, NULL); merge_song_metadata(tmp, dest, src); - song_free(dest); } if (dest->tag != NULL && dest->tag->time > 0 && @@ -80,6 +79,9 @@ apply_song_metadata(struct song *dest, const struct song *src) (e.g. last track on a CUE file); fix it up here */ tmp->tag->time = dest->tag->time - src->start_ms / 1000; + if (!song_in_database(dest)) + song_free(dest); + return tmp; } -- cgit v1.2.3 From bf2e07074b509087d04b7221a9d25fb2a8b17bee Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Wed, 15 Aug 2012 23:58:17 +0200 Subject: playlist_song: pass const song to _check_load_song() --- src/playlist_song.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/playlist_song.c b/src/playlist_song.c index ef5261c99..29efef2e3 100644 --- a/src/playlist_song.c +++ b/src/playlist_song.c @@ -86,7 +86,7 @@ apply_song_metadata(struct song *dest, const struct song *src) } static struct song * -playlist_check_load_song(struct song *song, const char *uri, bool secure) +playlist_check_load_song(const struct song *song, const char *uri, bool secure) { struct song *dest; -- cgit v1.2.3 From ef5125f8f4ee992c5a8f24d1b93851db5df5c43d Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Wed, 15 Aug 2012 23:59:52 +0200 Subject: playlist_print: fix memory leak --- src/playlist_print.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'src') diff --git a/src/playlist_print.c b/src/playlist_print.c index a6bf84ccd..59c42f969 100644 
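Review bot: In the second hunk of the first patch, apply_song_metadata() now frees a non-database `dest` immediately before `return tmp;`, so the caller's pointer is dangling once the call returns, and nothing visible in the patch documents that. A comment above the function would make the contract explicit, for example `/* Consumes dest unless it is a database song; callers must use only the returned pointer. */`. The function body starts outside the hunk, so any path that returns before this point is not visible here and should be checked against the same rule. Bracing the multi-line `if (dest->tag != NULL && ...)` statement just above would also make it obvious that the new free sits outside it.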
--- a/src/playlist_print.c +++ b/src/playlist_print.c @@ -163,6 +163,9 @@ playlist_provider_print(struct client *client, const char *uri, song_print_info(client, song); else song_print_uri(client, song); + + if (!song_in_database(song)) + song_free(song); } g_free(base_uri); -- cgit v1.2.3
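Review bot: The pair `if (!song_in_database(song))` / `song_free(song);` is open-coded here, and the first patch in this series adds the same two lines at the end of apply_song_metadata() in src/playlist_song.c. Keeping the rule in one small helper would stop a later call site from forgetting it (the leak fixed here) or from freeing a song that, judging by the check, the database still owns. Something like `static void song_free_detached(struct song *song) { if (!song_in_database(song)) song_free(song); }` would do, where the name is only a suggestion. The enclosing block of playlist_provider_print() starts outside the hunk, so whether an earlier exit from that block can skip the new free cannot be confirmed from here.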