From 92c6b27d3a3fb01cf516be2fa8885d07ca92c9c7 Mon Sep 17 00:00:00 2001
From: Andre Noll
Date: Tue, 17 Mar 2020 16:18:22 +0100
Subject: [PATCH 1/1] Don't use strdup() to copy hash.

There was a braino in the previous patch: the hash may well contain a zero byte, so we need to use memcpy().
---
 aft.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/aft.c b/aft.c
index e24a5fbf..5595071f 100644
--- a/aft.c
+++ b/aft.c
@@ -1035,24 +1035,26 @@ int open_and_update_audio_file(struct audio_file_data *afd)
 struct afsi_change_event_data aced;
 struct osl_object map, chunk_table_obj;
 struct ls_data *d = &status_item_ls_data;
+ unsigned char *tmp_hash;
 again:
 ret = score_get_best(¤t_aft_row, &d->score);
 if (ret < 0)
 return ret;
 /*
 * get_hash_of_row() and get_audio_file_path_of_row() initialize
- * d->hash and d->path to point to memory-mapped files. These pointers
+ * their pointer argument to point to memory-mapped files. These pointers
 * become stale after a new audio file has been added or after the
 * server process received SIGHUP. For in both cases libosl unmaps and
 * remaps the underlying database files, and this remapping may well
 * change the starting address of the mapping. To avoid stale pointer
 * references we create copies on the heap.
 */
- free(d->hash);
- ret = get_hash_of_row(current_aft_row, &d->hash);
+ ret = get_hash_of_row(current_aft_row, &tmp_hash);
 if (ret < 0)
 return ret;
- d->hash = (unsigned char *)para_strdup((char *)d->hash);
+ if (!d->hash)
+ d->hash = para_malloc(HASH_SIZE);
+ memcpy(d->hash, tmp_hash, HASH_SIZE);
 free(d->path);
 ret = get_audio_file_path_of_row(current_aft_row, &d->path);
 if (ret < 0)
--
2.39.2
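Review bot: The added `memcpy(d->hash, tmp_hash, HASH_SIZE)` treats any non-NULL `d->hash` as a heap buffer of at least HASH_SIZE bytes, but nothing in the hunk establishes that. The comment above says get_hash_of_row() hands back a pointer into a memory-mapped file, so if any other code (not visible here) stores such a pointer, or a freed one, in the same `struct ls_data`, this line would write into the mapping or into freed memory. I would state the invariant next to the allocation, e.g. `/* d->hash is either NULL or a HASH_SIZE heap buffer owned by this function */`, and check the other users of `status_item_ls_data` against it. The read side likewise relies on the mapped hash object being HASH_SIZE bytes long, which get_hash_of_row() presumably guarantees but the hunk does not show. open_and_update_audio_file() starts before and continues after the hunk.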