--- ./libcdio-0.92/lib/iso9660/iso9660_fs.c	2018-06-06 11:52:23.464809984 +0200

+++ ../libcdio-fedora/libcdio-0.94/lib/iso9660/iso9660_fs.c	2018-06-05 18:18:31.235215219 +0200

@@ -714,6 +714,7 @@

   iso711_t i_fname;

   unsigned int stat_len;

   iso9660_stat_t *p_stat;

+  bool err;

   if (!dir_len) return NULL;

@@ -730,8 +731,16 @@

     }

   p_stat->type    = (p_iso9660_dir->file_flags & ISO_DIRECTORY)

     ? _STAT_DIR : _STAT_FILE;

-  p_stat->lsn     = from_733 (p_iso9660_dir->extent);

-  p_stat->size    = from_733 (p_iso9660_dir->size);

+  p_stat->lsn     = from_733_with_err (p_iso9660_dir->extent, &err;;

+  if (err) {

+    free(p_stat);

+    return NULL;

+  }

+  p_stat->size    = from_733_with_err (p_iso9660_dir->size, &err;;

+  if (err) {

+    free(p_stat);

+    return NULL;

+  }

   p_stat->secsize = _cdio_len2blocks (p_stat->size, ISO_BLOCKSIZE);

   p_stat->rr.b3_rock = dunno; /*FIXME should do based on mask */

   p_stat->b_xa    = false;

@@ -754,6 +763,7 @@

         if (!p_stat_new)

           {

           cdio_warn("Couldn't calloc(1, %d)", (int)(sizeof(iso9660_stat_t)+i_rr_fname+2));

+	  free(p_stat);

           return NULL;

           }

 	memcpy(p_stat_new, p_stat, stat_len);

@@ -1098,6 +1108,12 @@

       p_stat = _iso9660_dir_to_statbuf (p_iso9660_dir, p_iso->b_xa,

 					p_iso->u_joliet_level);

+      if (!p_stat) {

+	cdio_warn("Bad directory information for %s", splitpath[0]);

+	free(_dirbuf);

+	return NULL;

+      }

+

       cmp = strcmp(splitpath[0], p_stat->filename);

       if ( 0 != cmp && 0 == p_iso->u_joliet_level

@@ -1283,12 +1299,15 @@

     if (!_dirbuf)

       {

       cdio_warn("Couldn't calloc(1, %d)", p_stat->secsize * ISO_BLOCKSIZE);

+      _cdio_list_free (retval, true);

       return NULL;

       }

     if (cdio_read_data_sectors (p_cdio, _dirbuf, p_stat->lsn,

-				ISO_BLOCKSIZE, p_stat->secsize))

-	return NULL;

+				ISO_BLOCKSIZE, p_stat->secsize)) {

+      _cdio_list_free (retval, true);

+      return NULL;

+    }

     while (offset < (p_stat->secsize * ISO_BLOCKSIZE))

       {

@@ -1401,14 +1417,14 @@

       }

     free (_dirbuf);

+    free(p_stat->rr.psz_symlink);

-    if (offset != (p_stat->secsize * ISO_BLOCKSIZE)) {

-      free (p_stat);

+    if (offset != (p_stat->secsize * ISO_BLOCKSIZE)) {

+      free (p_stat);

       _cdio_list_free (retval, true);

       return NULL;

     }

-    free (p_stat->rr.psz_symlink);

     free (p_stat);

     return retval;

   }

@@ -1528,6 +1563,16 @@

 }

 /*!

+  Free the passed iso9660_stat_t structure.

+ */

+void

+iso9660_stat_free(iso9660_stat_t *p_stat)

+{

+  if (p_stat != NULL)

+    free(p_stat);

+}

+

+/*!

   Return true if ISO 9660 image has extended attrributes (XA).

 */

 bool

@@ -1580,11 +1625,11 @@

       if ( have_rr != yep) {

 	have_rr = iso_have_rr_traverse (p_iso, p_stat, &splitpath[1], pu_file_limit);

       }

+      free(p_stat);

       if (have_rr != nope) {

 	free (_dirbuf);

 	return have_rr;

       }

-      free(p_stat);

       offset += iso9660_get_dir_len(p_iso9660_dir);

       *pu_file_limit = (*pu_file_limit)-1;