[flac-dev] [PATCH 1/2] Avoid double free in iconvert()

Fri Jul 20 10:36:07 UTC 2018

When safe_realloc_add_2op_(utfbuf, ...) is called with an invalid size
and returns 0, set utfbuf to 0 to avoid second deallocation later in the
function.
---
 src/share/utf8/iconvert.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/share/utf8/iconvert.c b/src/share/utf8/iconvert.c
index 472ca876..03068ac9 100644
--- a/src/share/utf8/iconvert.c
+++ b/src/share/utf8/iconvert.c
@@ -150,8 +150,10 @@ int iconvert(const char *fromcode, const char *tocode,
       return ret;
     }
     newbuf = safe_realloc_add_2op_(utfbuf, (ob - utfbuf), /*+*/1);
-    if (!newbuf)
+    if (!newbuf) {
+      utfbuf = 0;
       goto fail;
+    }
     ob = (ob - utfbuf) + newbuf;
     *ob = '\0';
     *to = newbuf;
-- 
2.17.1

