Fix a potential freeing of unallocated memory.

author: Darren Salt <linux@youmustbejoking.demon.co.uk> 2010-07-19 19:53:14 +0100
committer: Darren Salt <linux@youmustbejoking.demon.co.uk> 2010-07-19 19:53:14 +0100
commit: 88682e14a4c89caa499fedad2a3faab316f72dda (patch)
tree: 4b58c6ea68969a89d38939cc0fb1b3ccd7ef3a85
parent: 3ed086bfd3deca46445b918806f2e0129bb35ab0 (diff)
download: xine-lib-88682e14a4c89caa499fedad2a3faab316f72dda.tar.gz
xine-lib-88682e14a4c89caa499fedad2a3faab316f72dda.tar.bz2
2 files changed, 4 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 218bc0be5..508715ed8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,7 @@ xine-lib (1.1.19) 2010-??-??
   * Fix playback of the first file handled by the modplug demuxer.
   * Refuse to build with known-broken libmodplug (0.8.8).
     http://bugs.debian.org/588465
+  * Fix a potential freeing of unallocated memory (CVE-2010-xxxx).
 
 xine-lib (1.1.18.1) 2010-03-06
   * Oops. compat.c (for DXR3 support) was omitted.
diff --git a/src/demuxers/asfheader.c b/src/demuxers/asfheader.c
index e9a36fc29..1482ac982 100644
--- a/src/demuxers/asfheader.c
+++ b/src/demuxers/asfheader.c
@@ -300,6 +300,9 @@ static int asf_header_parse_stream_properties(asf_header_t *header, uint8_t *buf
   if (!asf_stream)
     goto exit_error;
 
+  asf_stream->private_data = NULL;
+  asf_stream->error_correction_data = NULL;
+
   asf_reader_init(&reader, buffer, buffer_len);
 
   asf_reader_get_guid(&reader, &guid);
author	Darren Salt <linux@youmustbejoking.demon.co.uk>	2010-07-19 19:53:14 +0100
committer	Darren Salt <linux@youmustbejoking.demon.co.uk>	2010-07-19 19:53:14 +0100
commit	88682e14a4c89caa499fedad2a3faab316f72dda (patch)
tree	4b58c6ea68969a89d38939cc0fb1b3ccd7ef3a85
parent	3ed086bfd3deca46445b918806f2e0129bb35ab0 (diff)
download	xine-lib-88682e14a4c89caa499fedad2a3faab316f72dda.tar.gz xine-lib-88682e14a4c89caa499fedad2a3faab316f72dda.tar.bz2