This happens with dynamic chunks. In this case we don't reserve any
space for the chunk table, yet the code copies one entry.
==6827== Invalid read of size 4
==6827== at 0x805A7C6: write_u32 (portable_io.h:95)
==6827== by 0x805A7C6: save_chunk_table (aft.c:402)
==6827== by 0x805E035: save_afd (aft.c:616)
==6827== by 0x805E035: open_and_update_audio_file (aft.c:1097)
==6827== by 0x80589B5: open_next_audio_file (afs.c:425)
==6827== by 0x80589B5: execute_server_command (afs.c:867)
==6827== by 0x80589B5: command_post_select.part.3 (afs.c:921)
==6827== by 0x80632CE: call_post_select (sched.c:80)
==6827== by 0x80632CE: sched_post_select (sched.c:106)
==6827== by 0x80632CE: schedule (sched.c:159)
==6827== by 0x8059555: afs_init (afs.c:1006)
==6827== by 0x804D53A: init_afs (server.c:528)
==6827== by 0x804D53A: server_init (server.c:600)
==6827== by 0x804D53A: main (server.c:689)
==6827== Address 0x58c4a20 is 0 bytes after a block of size 40 alloc'd
==6827== at 0x40345EE: malloc (vg_replace_malloc.c:299)
==6827== by 0x80539C5: para_malloc (string.c:63)
==6827== by 0x805B38A: load_chunk_table (aft.c:415)
==6827== by 0x805DFC4: open_and_update_audio_file (aft.c:1087)
==6827== by 0x80589B5: open_next_audio_file (afs.c:425)
==6827== by 0x80589B5: execute_server_command (afs.c:867)
==6827== by 0x80589B5: command_post_select.part.3 (afs.c:921)
==6827== by 0x80632CE: call_post_select (sched.c:80)
==6827== by 0x80632CE: sched_post_select (sched.c:106)
==6827== by 0x80632CE: schedule (sched.c:159)
==6827== by 0x8059555: afs_init (afs.c:1006)
==6827== by 0x804D53A: init_afs (server.c:528)
==6827== by 0x804D53A: server_init (server.c:600)
==6827== by 0x804D53A: main (server.c:689)
{
uint32_t n;
- if (!afhi->chunk_table)
+ if (!afhi->chunk_table || afhi->chunks_total == 0)
return;
for (n = 0; n <= afhi->chunks_total; n++)
write_u32(buf + 4 * n, afhi->chunk_table[n]);