Hi, I found a potential null pointer dereference bug in the project source code of vorbis, and I have shown the execution sequence of the program that may generate the bug on the graph below. The red text illustrates the steps that generate the bug, the red arrows represent the control flow,the file path can be seen in the blue framed section.
Although the code shown is for version 1.3.6 but is still exist in current version
Hi, I found a potential null pointer dereference bug in the project source code of vorbis, and I have shown the execution sequence of the program that may generate the bug on the graph below. The red text illustrates the steps that generate the bug, the red arrows represent the control flow,the file path can be seen in the blue framed section.
Although the code shown is for version 1.3.6 but is still exist in current version
https://github.com/xiph/vorbis/blob/84c023699cdf023a32fa4ded32019f194afcdad0/lib/vorbisfile.c#L898-L902
would you can help to check if this bug is true?thank you for your effort and patience!