2017-11-20 12:05 GMT+01:00 Mans Rullgard <mans@mansr.com>:

> This fixes a use after free and double free if an empty comment
> chunk follows a non-empty one.
> ---
>  src/aiff.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/aiff.c b/src/aiff.c
> index e34286be0a97..197ccd4e5d20 100644
> --- a/src/aiff.c
> +++ b/src/aiff.c
> @@ -63,7 +63,6 @@ int lsx_aiffstartread(sox_format_t * ft)
>    size_t ssndsize = 0;
>    char *annotation;
>    char *author;
> -  char *comment = NULL;
>    char *copyright;
>    char *nametext;
>
> @@ -271,6 +270,7 @@ int lsx_aiffstartread(sox_format_t * ft)
>        free(annotation);
>      }
>      else if (strncmp(buf, "COMT", (size_t)4) == 0) {
> +      char *comment = NULL;
>        rc = commentChunk(&comment, "Comment:", ft);
>        if (rc) {
>>
>> 2.15.0
>
>
>>
>>
>> ------------------------------------------------------------------------------
>
> Check out the vibrant tech community on one of the world's most
>
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
> _______________________________________________
>
> SoX-devel mailing list
>
> SoX-devel@lists.sourceforge.net
>
> https://lists.sourceforge.net/lists/listinfo/sox-devel
>
>          /* Fail already called in function */
> --
>

​Thank you! Applied in debian repo.

best regards

mira​