From 88682e14a4c89caa499fedad2a3faab316f72dda Mon Sep 17 00:00:00 2001
From: Darren Salt <linux@youmustbejoking.demon.co.uk>
Date: Mon, 19 Jul 2010 19:53:14 +0100
Subject: Fix a potential freeing of unallocated memory.

---
 ChangeLog                | 1 +
 src/demuxers/asfheader.c | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 218bc0be5..508715ed8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,7 @@ xine-lib (1.1.19) 2010-??-??
   * Fix playback of the first file handled by the modplug demuxer.
   * Refuse to build with known-broken libmodplug (0.8.8).
     http://bugs.debian.org/588465
+  * Fix a potential freeing of unallocated memory (CVE-2010-xxxx).
 
 xine-lib (1.1.18.1) 2010-03-06
   * Oops. compat.c (for DXR3 support) was omitted.
diff --git a/src/demuxers/asfheader.c b/src/demuxers/asfheader.c
index e9a36fc29..1482ac982 100644
--- a/src/demuxers/asfheader.c
+++ b/src/demuxers/asfheader.c
@@ -300,6 +300,9 @@ static int asf_header_parse_stream_properties(asf_header_t *header, uint8_t *buf
   if (!asf_stream)
     goto exit_error;
 
+  asf_stream->private_data = NULL;
+  asf_stream->error_correction_data = NULL;
+
   asf_reader_init(&reader, buffer, buffer_len);
 
   asf_reader_get_guid(&reader, &guid);
-- 
cgit v1.2.3