[vlc-commits] codec: atsc_a65: avoid crash

[Abylay Ospan]

vlc | branch: master | Abylay Ospan <aospan at netup.ru> | Sat Aug 26 23:32:48 2017 -0400| [0afab3b610a94460e04af288dfbffa86858d95b3] | committer: Francois Cartegnie

codec: atsc_a65: avoid crash

Pointer to allocated memory incremented in cycle and then used to
'free' call. This cause crash because pointer is not pointing to
originally allocated memory.

Signed-off-by: Francois Cartegnie <fcvlcdev at free.fr>

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=0afab3b610a94460e04af288dfbffa86858d95b3
---

 modules/codec/atsc_a65.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/modules/codec/atsc_a65.c b/modules/codec/atsc_a65.c
index 2f9491c377..08174d95f0 100644
--- a/modules/codec/atsc_a65.c
+++ b/modules/codec/atsc_a65.c
@@ -95,7 +95,9 @@ static char *enlarge_to16( const uint8_t *p_src, size_t i_src, uint8_t i_prefix
     if( i_src == 0 )
         return NULL;
 
-    char *psz_new = malloc( i_src * 2 + 1 );
+    char *psz_new_allocated = malloc( i_src * 2 + 1 );
+    char *psz_new = psz_new_allocated;
+
     if( psz_new )
     {
         memset( psz_new, i_prefix, i_src * 2 );
@@ -107,7 +109,7 @@ static char *enlarge_to16( const uint8_t *p_src, size_t i_src, uint8_t i_prefix
             psz_new += 2;
         }
     }
-    return psz_new;
+    return psz_new_allocated;
 }
 
 static bool convert_encoding_set( atsc_a65_handle_t *p_handle,