code snippet from: field_string_unicode.cpp lines 122-137
At line 129 the variable "unicode" is created on the stack, with its text kept on the heap.
The variable "text" points into "unicode"'s text on the heap and is set to the proper index item in lines 130-134,
but at line 135 "unicode" goes out of scope and the heap memory for its text is freed.
Thus "text" now points to freed memory on the heap, and line 136 returns that dangling pointer to the caller.
actual code:
// Returns a pointer to the text item at position `index` of this field.
// The result stays NULL unless the field type is ID3FTY_TEXTSTRING, the
// encoding is ID3TE_UNICODE, and index is below GetNumTextItems().
//
// NOTE(review): use-after-free. On the success path the returned pointer
// refers to the buffer of the block-local `unicode`, which is destroyed at
// the closing brace on line 135, before the return on line 136. Any caller
// that dereferences a non-NULL result reads released memory.
// A fix needs the terminated copy to live in storage that outlives this
// call; which object should own it cannot be determined from this snippet.
122: const unicode_t* ID3_FieldImpl::GetRawUnicodeTextItem(size_t index) const
123: {
124: const unicode_t* text = NULL;
125: if (this->GetType() == ID3FTY_TEXTSTRING &&
126: this->GetEncoding() == ID3TE_UNICODE &&
127: index < this->GetNumTextItems())
128: {
// Temporary copy of _text with two extra '\0' chars appended, presumably so
// the last item ends in a full unicode_t-wide terminator (confirm). Its
// lifetime ends with this block.
129: String unicode = _text + '\0' + '\0';
// `text` aliases the temporary's buffer; nothing is copied out of it.
130: text = (unicode_t *) unicode.data();
// Step over the first `index` items: ucslen(text) + 1 looks like an item's
// length plus its terminator, in unicode_t units (ucslen is defined
// elsewhere; confirm).
131: for (size_t i = 0; i < index; ++i)
132: {
133: text += ucslen(text) + 1;
134: }
// `unicode` is destroyed here and its buffer released; `text` keeps the
// stale address.
135: }
// Either NULL (guard failed) or a dangling pointer into the destroyed copy.
136: return text;
137: }