http://bugzilla.novell.com/show_bug.cgi?id=515027

Summary: libcdaudio-0.99.12-140.46: possible double free ?
Classification: openSUSE
Product: openSUSE 11.2
Version: Factory
Platform: All
OS/Version: openSUSE 11.1
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Other
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: dcb314@hotmail.com
QAContact: qa@suse.de
Found By: ---

I just had a look at factory package libcdaudio-0.99.12-140.46

In file libcdaudio-0.99.12/src/cddb.c, around line 1981, is the source code

    if(cddb_mc_copy_from_data(data, indata) < 0) {
        free(indata);
        cddb_mc_free(data);
    }

    free(indata);

    return 0;
}

There is a danger that indata could be freed twice here and that a success
code could be returned when an error has occurred.

Suggest new code

    if(cddb_mc_copy_from_data(data, indata) < 0) {
        free(indata);
        cddb_mc_free(data);
        return -1;
    }

    free(indata);

    return 0;
}
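
The two control flows quoted in the report above, as an added example that is not part of the original bug report or of libcdaudio. It counts how often the buffer is released and what status the caller sees. slot_alloc(), slot_free(), copy_stub() and struct outcome are constructed stand-ins: the allocator only counts releases, so the second free is observable without undefined behaviour.

```c
#include <stdio.h>

/* Constructed one-slot allocator: counts releases instead of calling
 * free(), so a second free can be observed safely. */
static char slot[16];
static int frees;

static void *slot_alloc(void) { frees = 0; return slot; }
static void slot_free(void *p) { if (p == slot) frees++; }

/* Hypothetical stand-in for cddb_mc_copy_from_data(): returns rc as given. */
static int copy_stub(int rc) { return rc; }

struct outcome { int rc; int frees; };

/* Control flow as quoted from cddb.c: the error branch falls through. */
static struct outcome flow_reported(int copy_rc)
{
    void *indata = slot_alloc();
    if (copy_stub(copy_rc) < 0) {
        slot_free(indata);          /* first free; cddb_mc_free(data) omitted */
    }
    slot_free(indata);              /* second free when the copy failed */
    return (struct outcome){ 0, frees };
}

/* Control flow as suggested in the report: return -1 from the error branch. */
static struct outcome flow_suggested(int copy_rc)
{
    void *indata = slot_alloc();
    if (copy_stub(copy_rc) < 0) {
        slot_free(indata);
        return (struct outcome){ -1, frees };
    }
    slot_free(indata);
    return (struct outcome){ 0, frees };
}

int main(void)
{
    struct outcome a = flow_reported(-1), b = flow_suggested(-1);
    printf("reported:  rc=%d frees=%d\n", a.rc, a.frees);
    printf("suggested: rc=%d frees=%d\n", b.rc, b.frees);
    return 0;
}
```

On the success path both flows release the buffer once and return 0; they differ only when the copy fails.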