[vlc-commits] [Git][videolan/vlc][master] musicbrainz: fix two sources of undefined behavior

[Steve Lhomme (@robUx4)]

Steve Lhomme pushed to branch master at VideoLAN / VLC


Commits:
4a251e00 by William Woodruff at 2025-04-18T05:54:54+00:00
musicbrainz: fix two sources of undefined behavior

This patch fixes two sources of undefined behavior in
the MusicBrainz module. In both cases, the undefined
behavior steps from irrefutably derefencing a null pointer.

Signed-off-by: William Woodruff <william at trailofbits.com>

- - - - -


1 changed file:

- modules/misc/webservices/musicbrainz.c


Changes:

=====================================
modules/misc/webservices/musicbrainz.c
=====================================
@@ -162,7 +162,7 @@ static bool musicbrainz_fill_release(const struct json_object *release,
                                      musicbrainz_release_t *r)
 {
     const struct json_array *media_array = json_get_array(release, "media");
-    if (media_array == NULL && media_array->size == 0)
+    if (media_array == NULL || media_array->size == 0)
         return false;
     /* we always use first media */
     const struct json_value *media = &media_array->entries[0];
@@ -170,7 +170,7 @@ static bool musicbrainz_fill_release(const struct json_object *release,
         return false;
 
     const struct json_array *tracks = json_get_array(&media->object, "tracks");
-    if (tracks == NULL && tracks->size == 0)
+    if (tracks == NULL || tracks->size == 0)
         return false;
 
     r->p_tracks = calloc(tracks->size, sizeof(*r->p_tracks));



View it on GitLab: https://code.videolan.org/videolan/vlc/-/commit/4a251e00ca7a4fbb1803ba3fb2ebea4ae95341a7

-- 
View it on GitLab: https://code.videolan.org/videolan/vlc/-/commit/4a251e00ca7a4fbb1803ba3fb2ebea4ae95341a7
You're receiving this email because of your account on code.videolan.org.


VideoLAN code repository instance