aft: Avoid NULL pointer dereference.
authorAndre Noll <maan@tuebingen.mpg.de>
Fri, 16 Oct 2020 13:49:47 +0000 (15:49 +0200)
committerAndre Noll <maan@tuebingen.mpg.de>
Fri, 1 Jan 2021 15:07:39 +0000 (16:07 +0100)
osl_get_object() must not be called with a NULL row pointer. Currently
this may happen on blob events. This patch avoids the problem and
makes sure we catch this programming error early.

aft.c

diff --git a/aft.c b/aft.c
index e370eaa..eb955e0 100644 (file)
--- a/aft.c
+++ b/aft.c
@@ -589,8 +589,10 @@ static int get_hash_of_row(const struct osl_row *row, unsigned char **hash)
 int get_afhi_of_row(const struct osl_row *row, struct afh_info *afhi)
 {
        struct osl_object obj;
-       int ret = osl(osl_get_object(audio_file_table, row, AFTCOL_AFHI,
-               &obj));
+       int ret;
+
+       assert(row);
+       ret = osl(osl_get_object(audio_file_table, row, AFTCOL_AFHI, &obj));
        if (ret < 0)
                return ret;
        load_afhi(obj.data, afhi);
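Review bot: The `assert(row);` added to get_afhi_of_row() only guards builds compiled without NDEBUG; if release builds define it, a NULL row reaches osl_get_object() exactly as before, so the caller-side check is the only real protection. The precondition should be stated on the function itself, for example `/* row must not be NULL; callers holding current_aft_row must check it first. */`. The hunk header shows get_hash_of_row() taking the same `row` argument; if it also passes it straight to osl_get_object() (its body is not visible here), it probably wants the same assert. The function continues past the end of this hunk.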
@@ -2620,8 +2622,10 @@ static int aft_event_handler(enum afs_events event, struct para_buffer *pb,
                /*
                 * These events are rare. We don't bother to check whether the
                 * current status items are affected and simply recreate them
-                * every time.
+                * whenever an audio file is open.
                 */
+               if (!current_aft_row)
+                       return 0;
                ret = get_afhi_of_row(current_aft_row,
                        &status_item_ls_data.afhi);
                if (ret < 0)
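Review bot: The new `if (!current_aft_row) return 0;` says nothing at the check about why the pointer can be NULL here, and the reworded comment above it only implies the reason. A one-line comment such as `/* No audio file is open (e.g. on a blob event): nothing to recreate. */` directly above the check would stop a later cleanup from removing it. The early return also leaves `status_item_ls_data` untouched, so if it still holds data from a previously open file, that data stays in place; it is worth confirming this is intended. The case labels and the rest of aft_event_handler() lie outside the hunk, so which events reach this branch cannot be checked from here.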