From: Andre Noll <maan@tuebingen.mpg.de>
Date: Fri, 16 Oct 2020 13:49:47 +0000 (+0200)
Subject: aft: Avoid NULL pointer dereference.
X-Git-Tag: v0.6.3~4
X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=commitdiff_plain;h=cb2bcdde7424805b9f62c152ec6dd2a1c4a68a97

aft: Avoid NULL pointer dereference.

osl_get_object() must not be called with a NULL row pointer. Currently
this may happen on blob events. This patch avoids the problem and
makes sure we catch this programming error early.
---

diff --git a/aft.c b/aft.c
index e370eaad..eb955e01 100644
--- a/aft.c
+++ b/aft.c
@@ -589,8 +589,10 @@ static int get_hash_of_row(const struct osl_row *row, unsigned char **hash)
 int get_afhi_of_row(const struct osl_row *row, struct afh_info *afhi)
 {
 	struct osl_object obj;
-	int ret = osl(osl_get_object(audio_file_table, row, AFTCOL_AFHI,
-		&obj));
+	int ret;
+
+	assert(row);
+	ret = osl(osl_get_object(audio_file_table, row, AFTCOL_AFHI, &obj));
 	if (ret < 0)
 		return ret;
 	load_afhi(obj.data, afhi);
@@ -2620,8 +2622,10 @@ static int aft_event_handler(enum afs_events event, struct para_buffer *pb,
 		/*
 		 * These events are rare. We don't bother to check whether the
 		 * current status items are affected and simply recreate them
-		 * every time.
+		 * whenever an audio file is open.
 		 */
+		if (!current_aft_row)
+			return 0;
 		ret = get_afhi_of_row(current_aft_row,
 			&status_item_ls_data.afhi);
 		if (ret < 0)