From 20695ef3691771dbbfb3d21b14b694c6b7e29eae Mon Sep 17 00:00:00 2001
From: Max Kellermann
Date: Wed, 15 Aug 2012 23:57:38 +0200
Subject: [PATCH 1/3] playlist_song: fix user-after-free bug
---
 NEWS | 1 +
 src/playlist_song.c | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/NEWS b/NEWS
index ea40aa8a8..9d85b1e46 100644
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,7 @@ ver 0.17.2 (2012/??/??)
 - httpd: fix throttling bug after resuming playback
 * mapper: fix non-UTF8 music directory name
 * mapper: fix potential crash in file permission check
+* playlist: fix use-after-free bug
 
 
 ver 0.17.1 (2012/07/31)
diff --git a/src/playlist_song.c b/src/playlist_song.c
index 88ef1059d..ef5261c99 100644
--- a/src/playlist_song.c
+++ b/src/playlist_song.c
@@ -69,7 +69,6 @@ apply_song_metadata(struct song *dest, const struct song *src)
 } else {
 tmp = song_file_new(dest->uri, NULL);
 merge_song_metadata(tmp, dest, src);
- song_free(dest);
 }
 
 if (dest->tag != NULL && dest->tag->time > 0 &&
@@ -80,6 +79,9 @@ apply_song_metadata(struct song *dest, const struct song *src)
 (e.g. last track on a CUE file); fix it up here */
 tmp->tag->time = dest->tag->time - src->start_ms / 1000;
 
+ if (!song_in_database(dest))
+ song_free(dest);
+
 return tmp;
 }
 
From bf2e07074b509087d04b7221a9d25fb2a8b17bee Mon Sep 17 00:00:00 2001
From: Max Kellermann
Date: Wed, 15 Aug 2012 23:58:17 +0200
Subject: [PATCH 2/3] playlist_song: pass const song to _check_load_song()
---
 src/playlist_song.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/playlist_song.c b/src/playlist_song.c
index ef5261c99..29efef2e3 100644
--- a/src/playlist_song.c
+++ b/src/playlist_song.c
@@ -86,7 +86,7 @@ apply_song_metadata(struct song *dest, const struct song *src)
 }
 
 static struct song *
-playlist_check_load_song(struct song *song, const char *uri, bool secure)
+playlist_check_load_song(const struct song *song, const char *uri, bool secure)
 {
 struct song *dest;
 
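Review bot: The new `if (!song_in_database(dest)) song_free(dest);` in the second src/playlist_song.c hunk of patch 1/3 (`@@ -80,6 +79,9 @@`) encodes an ownership rule that is documented nowhere in the visible lines, and the bug being fixed came from that rule being implicit. I would add a comment above the check such as `/* dest is consumed here unless the database owns it; only tmp is valid from now on */` and state in the function's header comment that callers must use only the returned pointer. apply_song_metadata begins outside the hunk, so any earlier return paths cannot be checked from here; if one of them returns `dest` itself, the header comment should cover that case too.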
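Review bot: With `song` now `const` in patch 2/3, the signature of playlist_check_load_song still leaves two things unstated: who owns the returned `struct song *`, and what `bool secure` permits for `uri`. A header comment along the lines of `/* Reads song only; the caller owns the result unless song_in_database() is true for it */` would help, though the ownership part is inferred from the other patches in this series and should be confirmed against the body, which lies outside the hunk. The meaning of `secure` is not visible here at all; since the name suggests a trust decision on a caller-supplied URI, it deserves a one-line explanation next to the signature.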
From ef5125f8f4ee992c5a8f24d1b93851db5df5c43d Mon Sep 17 00:00:00 2001
From: Max Kellermann
Date: Wed, 15 Aug 2012 23:59:52 +0200
Subject: [PATCH 3/3] playlist_print: fix memory leak
---
 NEWS | 1 +
 src/playlist_print.c | 3 +++
 2 files changed, 4 insertions(+)
diff --git a/NEWS b/NEWS
index 9d85b1e46..41a69d8e5 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,7 @@ ver 0.17.2 (2012/??/??)
 * mapper: fix non-UTF8 music directory name
 * mapper: fix potential crash in file permission check
 * playlist: fix use-after-free bug
+* playlist: fix memory leak
 
 
 ver 0.17.1 (2012/07/31)
diff --git a/src/playlist_print.c b/src/playlist_print.c
index a6bf84ccd..59c42f969 100644
--- a/src/playlist_print.c
+++ b/src/playlist_print.c
@@ -163,6 +163,9 @@ playlist_provider_print(struct client *client, const char *uri,
 song_print_info(client, song);
 else
 song_print_uri(client, song);
+
+ if (!song_in_database(song))
+ song_free(song);
 }
 
 g_free(base_uri);
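Review bot: The pair `if (!song_in_database(song)) song_free(song);` added in src/playlist_print.c is the same release idiom that patch 1/3 adds to src/playlist_song.c, so the rule for when a song may be freed now lives in two call sites. A small shared helper that takes a `struct song *` and frees it only when the database does not own it would keep the two in step; whether the song API already offers one is not visible from this page. Until then, a comment above the check such as `/* songs not owned by the database were allocated for this listing and must be released here */` would record why the free is conditional. The loop body begins outside the hunk, so whether every path that obtains `song` reaches this release cannot be confirmed from here.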