From 20695ef3691771dbbfb3d21b14b694c6b7e29eae Mon Sep 17 00:00:00 2001
From: Max Kellermann <max@duempel.org>
Date: Wed, 15 Aug 2012 23:57:38 +0200
Subject: playlist_song: fix user-after-free bug

---
 NEWS                | 1 +
 src/playlist_song.c | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index ea40aa8a8..9d85b1e46 100644
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,7 @@ ver 0.17.2 (2012/??/??)
   - httpd: fix throttling bug after resuming playback
 * mapper: fix non-UTF8 music directory name
 * mapper: fix potential crash in file permission check
+* playlist: fix use-after-free bug
 
 
 ver 0.17.1 (2012/07/31)
diff --git a/src/playlist_song.c b/src/playlist_song.c
index 88ef1059d..ef5261c99 100644
--- a/src/playlist_song.c
+++ b/src/playlist_song.c
@@ -69,7 +69,6 @@ apply_song_metadata(struct song *dest, const struct song *src)
 	} else {
 		tmp = song_file_new(dest->uri, NULL);
 		merge_song_metadata(tmp, dest, src);
-		song_free(dest);
 	}
 
 	if (dest->tag != NULL && dest->tag->time > 0 &&
@@ -80,6 +79,9 @@ apply_song_metadata(struct song *dest, const struct song *src)
 		   (e.g. last track on a CUE file); fix it up here */
 		tmp->tag->time = dest->tag->time - src->start_ms / 1000;
 
+	if (!song_in_database(dest))
+		song_free(dest);
+
 	return tmp;
 }
 
-- 
cgit v1.2.3