FPII-1839: Avoid free-before-initialize vulnerability in heap
Bug: 27211885
Change-Id: Ib9c93bd9ffdde2a5f8d31a86f06e267dc9c152db
(cherry picked from commit 6995c8473ccfc43848e179a060de8157d7d897c5)
diff --git a/libFLAC/stream_decoder.c b/libFLAC/stream_decoder.c
index d13b23b..7dff737 100644
--- a/libFLAC/stream_decoder.c
+++ b/libFLAC/stream_decoder.c
@@ -1739,6 +1739,7 @@
if (obj->num_comments > 0) {
if (0 == (obj->comments = safe_malloc_mul_2op_p(obj->num_comments, /*times*/sizeof(FLAC__StreamMetadata_VorbisComment_Entry)))) {
decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR;
+ obj->num_comments = 0;
return false;
}
for (i = 0; i < obj->num_comments; i++) {