From e42ade073cc1f013eae739dc37464630f1104813 Mon Sep 17 00:00:00 2001 From: Colin Snover Date: Sun, 19 Nov 2017 20:44:40 -0600 Subject: AUDIO: Fix uninitialized data structures in PacketizedMP3Stream If the audio thread called to readBuffer before any packet had been added to the stream, the state of the stream would be changed from INIT to EOS. Later, when a packet was received, the state would go directly from EOS to READY, skipping decoder init, leaving garbage memory in the decoder structs and causing a crash of the decoder. Fixes Trac#9653. --- audio/decoders/mp3.cpp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/audio/decoders/mp3.cpp b/audio/decoders/mp3.cpp index 54da6c584d..3fd134df41 100644 --- a/audio/decoders/mp3.cpp +++ b/audio/decoders/mp3.cpp @@ -453,7 +453,10 @@ int PacketizedMP3Stream::readBuffer(int16 *buffer, const int numSamples) { while (samples < numSamples) { // Empty? Bail out for now, and mark the stream as ended if (_queue.empty()) { - _state = MP3_STATE_EOS; + // EOS state is only valid once a packet has been received at least + // once + if (_state == MP3_STATE_READY) + _state = MP3_STATE_EOS; return samples; } -- cgit v1.2.3