Re: [Libcdio-devel] libcdio-1.1.0 - fix double free error

[Chris Clayton]

On 22/12/17 21:11, Rocky Bernstein wrote:
> Thanks - this helps.
> 
> And the timing is fortuitous as I am about to put out another release. You 
> can check that the patch was applied
> correctly along with the other bug fixes by downloading the tarball at 
> https://rocky.github.io/libcdio-2.0.0rc1.tar.bz2
> 

I've checked https://rocky.github.io/libcdio-2.0.0rc1.tar.bz2 and my patch 
doesn't seem to have been applied. In fact
the line that has been removed is the call to cdtext_destroy(), but that is 
still required because it does more than
just free penv->cdtext.

> On Fri, Dec 22, 2017 at 1:59 PM, Chris Clayton <address@hidden 
> <mailto:address@hidden>> wrote:
> 
>     e9340644362825a2133a8a784d1240edeb65df86 changed cdtext_destroy() by 
> adding a call to free() to release the memory used
>     by the cdtext_t argument. However, when cdtext_destroy() is called by 
> get_cd_generic(), the latter then attempts to free
>     the cdtext_t again, resulting in an double-free error in glibc. (In turn, 
> that means that it is impossible to play audio
>     cds with the audacious media player.) The patch below fixes this.
> 
>     --- libcdio-1.1.0/lib/driver/_cdio_generic.c.orig       2017-12-08 
> 19:42:57.000000000 +0000
>     +++ libcdio-1.1.0/lib/driver/_cdio_generic.c    2017-12-22 
> 18:47:29.303972609 +0000
>     @@ -297,7 +297,6 @@ get_cdtext_generic (void *p_user_data)
>            if(len <= 0 || 0 != cdtext_data_init (p_env->cdtext, 
> &p_cdtext_data[4], len)) {
>              p_env->b_cdtext_error = true;
>              cdtext_destroy (p_env->cdtext);
>     -        free(p_env->cdtext);
>              p_env->cdtext = NULL;
>            }
> 
>     Hope this helps and thanks for your work on libcdio.
> 
>     Chris
> 
>