Fix a possible NULL pointer dereference I introduced in r15503 by making an unwise assumption. This would cause crashes on track skip in certain (very unlikely, I think) situations.

git-svn-id: svn://svn.rockbox.org/rockbox/trunk@15557 a1c6a512-1295-4272-9138-f99709370657

1 files changed, 4 insertions, 3 deletions

diff --git a/apps/playback.c b/apps/playback.c
index 61bb326574..0b2c9bb76c 100644
--- a/apps/playback.c
+++ b/apps/playback.c
@@ -2548,6 +2548,7 @@ static int audio_check_new_track(void)
 {
     int track_count = audio_track_count();
     int old_track_ridx = track_ridx;
+    int i, idx;
     bool forward;
 
     if (dir_skip)
@@ -2603,12 +2604,12 @@ static int audio_check_new_track(void)
     /* Save the old track */
     copy_mp3entry(&prevtrack_id3, &curtrack_id3);
 
-    int i, idx;
     for (i = 0; i < ci.new_track; i++)
     {
         idx = (track_ridx + i) & MAX_TRACK_MASK;
-        if ((unsigned)buf_handle_offset(tracks[idx].audio_hid) >
-            bufgetid3(tracks[idx].id3_hid)->first_frame_offset)
+        struct mp3entry *id3 = bufgetid3(tracks[idx].id3_hid);
+        ssize_t offset = buf_handle_offset(tracks[idx].audio_hid);
+        if (!id3 || offset < 0 || (unsigned)offset > id3->first_frame_offset)
         {
             /* We don't have all the audio data for that track, so clear it */
             clear_track_info(&tracks[idx]);