summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNicolas Pennequin <nicolas.pennequin@free.fr>2007-11-10 18:22:55 +0000
committerNicolas Pennequin <nicolas.pennequin@free.fr>2007-11-10 18:22:55 +0000
commita677678e3196a1981d0ff60cd1f756b985abaaeb (patch)
treeb090fdf0f22bcc08cef6ef792e6382564e77ad3a
parenta953e65dbde27ae550514dce3024c3b42f3364b7 (diff)
downloadrockbox-a677678e3196a1981d0ff60cd1f756b985abaaeb.tar.gz
rockbox-a677678e3196a1981d0ff60cd1f756b985abaaeb.zip
Fix a possible NULL pointer dereference I introduced in r15503 by making an unwise assumption. This would cause crashes on track skip in certain (very unlikely, I think) situations.
git-svn-id: svn://svn.rockbox.org/rockbox/trunk@15557 a1c6a512-1295-4272-9138-f99709370657
-rw-r--r--apps/playback.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/apps/playback.c b/apps/playback.c
index 61bb326574..0b2c9bb76c 100644
--- a/apps/playback.c
+++ b/apps/playback.c
@@ -2548,6 +2548,7 @@ static int audio_check_new_track(void)
{
int track_count = audio_track_count();
int old_track_ridx = track_ridx;
+ int i, idx;
bool forward;
if (dir_skip)
@@ -2603,12 +2604,12 @@ static int audio_check_new_track(void)
/* Save the old track */
copy_mp3entry(&prevtrack_id3, &curtrack_id3);
- int i, idx;
for (i = 0; i < ci.new_track; i++)
{
idx = (track_ridx + i) & MAX_TRACK_MASK;
- if ((unsigned)buf_handle_offset(tracks[idx].audio_hid) >
- bufgetid3(tracks[idx].id3_hid)->first_frame_offset)
+ struct mp3entry *id3 = bufgetid3(tracks[idx].id3_hid);
+ ssize_t offset = buf_handle_offset(tracks[idx].audio_hid);
+ if (!id3 || offset < 0 || (unsigned)offset > id3->first_frame_offset)
{
/* We don't have all the audio data for that track, so clear it */
clear_track_info(&tracks[idx]);