Bug#591525: [PATCH] segfault in playtree.c

Thu, 05 Aug 2010 15:11:23 -0700 

On Thu, Aug 05, 2010 at 11:46:48PM +0200, Reimar Döffinger wrote:

> > This is Debian Bug: http://bugs.debian.org/591525
> > 
> > Index: playtree.c
> > ===================================================================
> > --- playtree.c      (revision 31912)
> > +++ playtree.c      (working copy)
> > @@ -223,6 +223,13 @@
> >    assert(pt->entry_type == PLAY_TREE_ENTRY_NODE);
> >  #endif
> >  
> > +  /* Roughly validate input data. Both, pt and child are going to be
> > +   * dereferenced, hence assure they're not NULL.
> > +   */
> > +  if (NULL == pt || NULL == child) {
> > +      return;
> > +  }
> > +
> 
> Checking for NULL after dereferencing makes no sense, even if the
> dereferencing is inside an assert.

Good catch, this part needs to be moved before the #ifdef and the
assert removed. If you like, find attached a revised version.

> Apart from that, pt and child are not _input_ data, they are
> MPlayer-internal data, it is very likely the validation
> should happen far earlier.

Depends. There are two calls to play_tree_set_child in playtreeparser.c.
Of course, you could check for non-NULL pointers before calling them.
Twice the code.

Either one should work.


HTH

-- 
mail: a...@thur.de      http://adi.thur.de      PGP/GPG: key via keyserver

From: Adrian Knoth <a...@drcomp.erfurt.thur.de>
Bug-Debian: http://bugs.debian.org/591525
Description: Fix segfault on empty playlist
Index: mplayer-1.0~rc3++final.dfsg1/playtree.c
===================================================================
--- mplayer-1.0~rc3++final.dfsg1.orig/playtree.c	2010-08-06 00:01:32.000000000 +0200
+++ mplayer-1.0~rc3++final.dfsg1/playtree.c	2010-08-06 00:02:27.000000000 +0200
@@ -201,11 +201,18 @@
 play_tree_set_child(play_tree_t* pt, play_tree_t* child) {
   play_tree_t* iter;
 
+  /* Roughly validate input data. Both, pt and child are going to be
+   * dereferenced, hence assure they're not NULL.
+   */
+  if (NULL == pt || NULL == child) {
+      return;
+  }
+
 #ifdef MP_DEBUG
-  assert(pt != NULL);
   assert(pt->entry_type == PLAY_TREE_ENTRY_NODE);
 #endif
 
+
   //DEBUG_FF: Where are the children freed?
   // Attention in using this function!
   for(iter = pt->child ; iter != NULL ; iter = iter->next)

_______________________________________________
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers

Reply via email to