Avoid free-before-initialize vulnerability in heap am: 6995c84 am: ca1a1ff am: b8c0a86 am: 02a513a am: 680f668 am: 4b075cb * commit '4b075cb788972697b9128aae41446f3b4708951d': Avoid free-before-initialize vulnerability in heap

commit: 3c74c11c30cdae95914c0b6a9228a3906b238c73 [log] [tgz]
author: Robert Shih <robertshih@google.com> Tue Mar 22 21:30:41 2016 +0000
committer: android-build-merger <android-build-merger@google.com> Tue Mar 22 21:30:41 2016 +0000
tree: e7511613dd8f804dbb5c0ecb8ca011f8531ac9ed
parent: 093af41da9c2cef8e3bce26dd18cbbc517b2533b [diff]
parent: 4b075cb788972697b9128aae41446f3b4708951d [diff]
diff --git a/libFLAC/stream_decoder.c b/libFLAC/stream_decoder.c
index 77036ba..27bac3e 100644
--- a/libFLAC/stream_decoder.c
+++ b/libFLAC/stream_decoder.c

@@ -1740,6 +1740,7 @@
 			if (0 == (obj->comments = safe_malloc_mul_2op_p(obj->num_comments, /*times*/sizeof(FLAC__StreamMetadata_VorbisComment_Entry)))) {
 				obj->num_comments = 0;
 				decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR;
+				obj->num_comments = 0;
 				return false;
 			}
 			for (i = 0; i < obj->num_comments; i++) {
commit	3c74c11c30cdae95914c0b6a9228a3906b238c73	[log] [tgz]
author	Robert Shih <robertshih@google.com>	Tue Mar 22 21:30:41 2016 +0000
committer	android-build-merger <android-build-merger@google.com>	Tue Mar 22 21:30:41 2016 +0000
tree	e7511613dd8f804dbb5c0ecb8ca011f8531ac9ed
parent	093af41da9c2cef8e3bce26dd18cbbc517b2533b [diff]
parent	4b075cb788972697b9128aae41446f3b4708951d [diff]