From 105b431e4cd5416b44ed3fb68e5944ad59bd8221 Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Thu, 1 Aug 2013 08:33:53 +0200 Subject: PcmBuffer: reset size in Clear() Fix for Mantis #3806. "PcmBuffer::Clear clears the buffer but does not reset the size. If Get is called on the same PcmBuffer later on with a size that is the same as (or less than) it was before the call to Clear, the "else" branch is taken and the memory of buffer (at the address of nullptr) is poisoned instead of the necessary allocation being performed. A memset or memcpy on the returned pointer (nullptr) causes a segmentation fault." --- src/pcm/PcmBuffer.hxx | 1 + 1 file changed, 1 insertion(+) diff --git a/src/pcm/PcmBuffer.hxx b/src/pcm/PcmBuffer.hxx index 260960726..ae7030f76 100644 --- a/src/pcm/PcmBuffer.hxx +++ b/src/pcm/PcmBuffer.hxx @@ -46,6 +46,7 @@ struct PcmBuffer { void Clear() { g_free(buffer); buffer = nullptr; + size = 0; } /** -- cgit v1.2.3
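Review bot: the added `size = 0;` in Clear() restores the invariant the bug depended on (size describes the allocation behind buffer, so buffer == nullptr must imply size == 0), but that invariant is neither documented on the struct nor checked where it is relied upon. Suggest a comment on the two members stating it and an assertion at the start of the Get path described in the commit message, e.g. `assert(buffer != nullptr || size == 0);`, so any future code that frees buffer without resetting size fails fast instead of reaching the "else" branch and writing through nullptr. A regression test that calls Clear() and then Get() with a size equal to or smaller than the previous one, the exact Mantis #3806 sequence, would keep this from recurring.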