$OpenBSD: patch-src_aiff_c,v 1.2 2021/01/16 12:54:12 sthen Exp $

- Fix aiff_read_header() memory leak.
- Fix memory leak in aiff_open.
- Fix AIFF parsing bug.
- Fix memory leak in aiff_read_basc_chunk.
- Fix memory leak in aiff_read_header.

Index: src/aiff.c
--- src/aiff.c.orig
+++ src/aiff.c
@@ -243,6 +243,8 @@ aiff_open (SF_PRIVATE *psf)
 	if ((psf->container_data = calloc (1, sizeof (AIFF_PRIVATE))) == NULL)
 		return SFE_MALLOC_FAILED ;
 
+	psf->container_close = aiff_close ;
+
 	if (psf->file.mode == SFM_READ || (psf->file.mode == SFM_RDWR && psf->filelength > 0))
 	{	if ((error = aiff_read_header (psf, &comm_fmt)))
 			return error ;
@@ -283,7 +285,6 @@ aiff_open (SF_PRIVATE *psf)
 		psf->set_chunk		= aiff_set_chunk ;
 		} ;
 
-	psf->container_close = aiff_close ;
 	psf->command = aiff_command ;
 
 	switch (SF_CODEC (psf->sf.format))
@@ -498,6 +499,11 @@ aiff_read_header (SF_PRIVATE *psf, COMM_CHUNK *comm_fm
 						return SFE_WAV_BAD_PEAK ;
 						} ;
 
+					if (psf->peak_info)
+					{	psf_log_printf (psf, "*** Found existing peak info, using last one.\n") ;
+						free (psf->peak_info) ;
+						psf->peak_info = NULL ;
+						} ;
 					if ((psf->peak_info = peak_info_calloc (psf->sf.channels)) == NULL)
 						return SFE_MALLOC_FAILED ;
 
@@ -800,6 +806,10 @@ aiff_read_header (SF_PRIVATE *psf, COMM_CHUNK *comm_fm
 							break ;
 						} ;
 
+						if (psf->cues)
+						{	free (psf->cues) ;
+							psf->cues = NULL ;
+							} ;
 						if ((psf->cues = psf_cues_alloc (mark_count)) == NULL)
 							return SFE_MALLOC_FAILED ;
 
@@ -1719,6 +1729,11 @@ aiff_read_basc_chunk (SF_PRIVATE * psf, int datasize)
 
 	psf_log_printf (psf, "  Loop Type : 0x%x (%s)\n", bc.loopType, type_str) ;
 
+	if (psf->loop_info)
+	{	psf_log_printf (psf, "  Found existing loop info, using last one.\n") ;
+		free (psf->loop_info) ;
+		psf->loop_info = NULL ;
+		} ;
 	if ((psf->loop_info = calloc (1, sizeof (SF_LOOP_INFO))) == NULL)
 		return SFE_MALLOC_FAILED ;
 
