From 0e311fc0e8658a2c1f60bd57366c854e7fc129bc Mon Sep 17 00:00:00 2001
From: Martin Shirokov
Date: Thu, 14 Dec 2017 17:51:00 +0200
Subject: ipc: avoid dereferencing NULL

This can happen when ctr->client_api->shutting_down is set to true, or when there are over 1000 clients with the same name passed to mp_new_client().
---
 input/ipc-unix.c | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)
(limited to 'input')
diff --git a/input/ipc-unix.c b/input/ipc-unix.c
index c3315d21b5..3b01d477f1 100644
--- a/input/ipc-unix.c
+++ b/input/ipc-unix.c
@@ -216,16 +216,26 @@ done:
 static void ipc_start_client(struct mp_ipc_ctx *ctx, struct client_arg *client)
 {
- client->client = mp_new_client(ctx->client_api, client->client_name),
- client->log = mp_client_get_log(client->client);
+ client->client = mp_new_client(ctx->client_api, client->client_name);
+ if (!client->client)
+ goto err;
+
+ client->log = mp_client_get_log(client->client);
 pthread_t client_thr;
- if (pthread_create(&client_thr, NULL, client_thread, client)) {
+ if (pthread_create(&client_thr, NULL, client_thread, client))
+ goto err;
+
+ return;
+
+err:
+ if (client->client)
 mpv_detach_destroy(client->client);
- if (client->close_client_fd)
- close(client->client_fd);
- talloc_free(client);
- }
+
+ if (client->close_client_fd)
+ close(client->client_fd);
+
+ talloc_free(client);
 }
 static void ipc_start_client_json(struct mp_ipc_ctx *ctx, int id, int fd)
--
cgit v1.2.3
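Review bot: Both branches that reach `err:` drop the connection without logging anything, and the error number returned by `pthread_create()` is discarded. The commit message says `mp_new_client()` returns NULL once more than 1000 clients share a name, so this path is reachable from the IPC socket side, and a silent close leaves nothing for diagnosing client exhaustion or thread-creation failure. `client->log` is still unset on the first branch, so the message would have to go through the IPC context's logger, assuming `ctx` carries one (not visible in this hunk), e.g. `MP_ERR(ctx, "Failed to create IPC client %s\n", client->client_name);` before the first `goto err`. A one-line comment above the function such as `/* Takes ownership of client: on failure it is freed and its fd is closed if close_client_fd is set. */` would also document the contract the cleanup path now enforces.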