[mupen64plus-core] 177/310: Don't free random memory on config option type change

Sven Eckelmann ecsv-guest at moszumanska.debian.org
Thu Nov 26 05:57:54 UTC 2015


This is an automated email from the git hooks/post-receive script.

ecsv-guest pushed a commit to branch armhf_test
in repository mupen64plus-core.

commit ac3fc9ae792a8da80c698c8264b9d75956533608
Author: Sven Eckelmann <sven at narfation.org>
Date:   Tue Sep 11 19:49:39 2012 +0200

    Don't free random memory on config option type change
    
    It is possible that the config parser changes the type of an option from any
    other type to string. A string is actually only a pointer to another memory
    region storing the string. ConfigSetParameter will try to free the old value in
    the hope of avoiding memory leaks. This is a problem when the pointer shares the
    same memory region as the previously stored value. The free(..) will try to free
    a different part and create a crash at a later point.
---
 debian/changelog                                   |  3 ++
 .../patches/config_type_switch_invalid_free.patch  | 49 ++++++++++++++++++++++
 debian/patches/dejavu-font.patch                   |  6 +--
 .../patches/disable_recompiler_disassembler.patch  |  6 +--
 debian/patches/printf_fixup.patch                  |  4 +-
 debian/patches/series                              |  1 +
 6 files changed, 61 insertions(+), 8 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 262a25f..c88fcb8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,9 @@
 mupen64plus-core (1.99.5+113+481cdd269905-1) UNRELEASED; urgency=low
 
   * New Upstream Snapshot from 481cdd2699058351684be9415228fe7a156de464
+  * debian/patches:
+    - Add config_type_switch_invalid_free.patch, Don't free random memory
+      on config option type change
 
  -- Sven Eckelmann <sven at narfation.org>  Tue, 11 Sep 2012 09:45:42 +0200
 
diff --git a/debian/patches/config_type_switch_invalid_free.patch b/debian/patches/config_type_switch_invalid_free.patch
new file mode 100644
index 0000000..ce170db
--- /dev/null
+++ b/debian/patches/config_type_switch_invalid_free.patch
@@ -0,0 +1,49 @@
+Description: Don't free random memory on config option type change
+ It is possible that the config parser changes a type of an option from any
+ other type to string. A string is actually only a pointer to another memory
+ region storing the string. ConfigSetParameter will try to free the old value in
+ hope to avoid memory leaks. This is a problem when the pointer shares the same
+ memory region as the previously stored value. The free(..) will try to free a
+ different part and create a crash at a later point.
+Origin: upstream, https://bitbucket.org/ecsv/mupen64plus-core/changeset/19dbd07fb342f4d56493ce3cd9e9514284da3779
+Author: Sven Eckelmann <sven at narfation.org>
+
+---
+diff --git a/src/api/config.c b/src/api/config.c
+index 8b89d4d69b720bbf17eafd55ec4fef6de1288876..1165f4afd8c4e5d2f4f54c2f81a9a4883591588e 100644
+--- a/src/api/config.c
++++ b/src/api/config.c
+@@ -137,6 +137,8 @@ static config_var *config_var_create(const char *ParamName, const char *ParamHel
+     if (var == NULL || ParamName == NULL)
+         return NULL;
+ 
++    memset(var, sizeof(*var), 0);
++
+     var->name = strdup(ParamName);
+     if (var->name == NULL)
+     {
+@@ -927,6 +929,16 @@ EXPORT m64p_error CALL ConfigSetParameter(m64p_handle ConfigSectionHandle, const
+         append_var_to_section(section, var);
+     }
+ 
++    /* cleanup old values */
++    switch (var->type)
++    {
++        case M64TYPE_STRING:
++            free(var->val.string);
++	    break;
++        default:
++            break;
++    }
++
+     /* set this parameter's value */
+     var->type = ParamType;
+     switch(ParamType)
+@@ -941,7 +953,6 @@ EXPORT m64p_error CALL ConfigSetParameter(m64p_handle ConfigSectionHandle, const
+             var->val.integer = (*((int *) ParamValue) != 0);
+             break;
+         case M64TYPE_STRING:
+-            free(var->val.string);
+             var->val.string = strdup((char *)ParamValue);
+             if (var->val.string == NULL)
+                 return M64ERR_NO_MEMORY;
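Review bot: The `memset(var, sizeof(*var), 0);` added to config_var_create in the embedded src/api/config.c patch has its fill value and length swapped, so it writes zero bytes and leaves the new struct uninitialized; it should read `memset(var, 0, sizeof(*var));`. This matters because the new "cleanup old values" switch in ConfigSetParameter reads `var->type` before assigning it, and the context line `append_var_to_section(section, var);` suggests it can run on a variable that was only just created. If the stale type happens to equal M64TYPE_STRING, `free(var->val.string)` receives an uninitialized pointer, which is the same class of invalid free this patch sets out to remove. Both functions start and end outside the hunks, so whether config_var_create assigns `type` or `val` elsewhere cannot be confirmed from here. GCC's `-Wmemset-transposed-args` (enabled by `-Wall`) reports this pattern at build time.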
diff --git a/debian/patches/dejavu-font.patch b/debian/patches/dejavu-font.patch
index 8fa0389..66bcb45 100644
--- a/debian/patches/dejavu-font.patch
+++ b/debian/patches/dejavu-font.patch
@@ -4,10 +4,10 @@ Author: Sven Eckelmann <sven at narfation.org>
 
 ---
 diff --git a/projects/unix/Makefile b/projects/unix/Makefile
-index b59ca0bade6ae2c871a1d77d215b71d2d0f9ed36..eae0dce01279d005527a9e37e35a0c727a2b57d7 100644
+index b4c3b6678036fb5265e6d6dab7d2654ee1897c1f..9ad8432b2dc7a23ea1cdc3df39ae2dcfab435960 100644
 --- a/projects/unix/Makefile
 +++ b/projects/unix/Makefile
-@@ -422,6 +422,7 @@ install: $(TARGET)
+@@ -417,6 +417,7 @@ install: $(TARGET)
  	$(INSTALL) -m 0644 $(INSTALL_STRIP_FLAG) $(TARGET) "$(DESTDIR)$(LIBDIR)"
  	$(INSTALL) -d "$(DESTDIR)$(SHAREDIR)"
  	$(INSTALL) -m 0644 ../../data/* "$(DESTDIR)$(SHAREDIR)"
@@ -16,7 +16,7 @@ index b59ca0bade6ae2c871a1d77d215b71d2d0f9ed36..eae0dce01279d005527a9e37e35a0c72
  	$(INSTALL) -m 0644 ../../src/api/m64p_*.h "$(DESTDIR)$(INCDIR)"
  	-$(LDCONFIG) "$(DESTDIR)$(LIBDIR)"
 diff --git a/src/osd/osd.cpp b/src/osd/osd.cpp
-index 3f8ea24aa54da754b15f443913f92a275710a3f3..0b0e3f281937f55e2601dfa7c07aac0a055b9660 100644
+index 4deb0bed5938c6bcd852791268ed087fe3a05923..35d991e7a3c1f47db403759e709c677ffb2d4dcf 100644
 --- a/src/osd/osd.cpp
 +++ b/src/osd/osd.cpp
 @@ -39,7 +39,7 @@ extern "C" {
diff --git a/debian/patches/disable_recompiler_disassembler.patch b/debian/patches/disable_recompiler_disassembler.patch
index ae52090..2e38cf2 100644
--- a/debian/patches/disable_recompiler_disassembler.patch
+++ b/debian/patches/disable_recompiler_disassembler.patch
@@ -9,10 +9,10 @@ Author: Sven Eckelmann <sven at narfation.org>
 
 ---
 diff --git a/projects/unix/Makefile b/projects/unix/Makefile
-index eae0dce01279d005527a9e37e35a0c727a2b57d7..dc6ac17ea221a8c27cc0dfb256be431d25ff09bb 100644
+index 9ad8432b2dc7a23ea1cdc3df39ae2dcfab435960..0634b2bc9beb14645e718f09f87882832ee085fe 100644
 --- a/projects/unix/Makefile
 +++ b/projects/unix/Makefile
-@@ -374,7 +374,7 @@ ifeq ($(DEBUGGER), 1)
+@@ -368,7 +368,7 @@ ifeq ($(DEBUGGER), 1)
  	$(SRCDIR)/debugger/dbg_decoder.c \
  	$(SRCDIR)/debugger/dbg_memory.c \
  	$(SRCDIR)/debugger/dbg_breakpoints.c
@@ -22,7 +22,7 @@ index eae0dce01279d005527a9e37e35a0c727a2b57d7..dc6ac17ea221a8c27cc0dfb256be431d
  
  # generate a list of object files to build, make a temporary directory for them
 diff --git a/src/debugger/dbg_memory.c b/src/debugger/dbg_memory.c
-index 1767ca4e8ff47a8bffb3c612f1678c0314b38b68..c5afbd8682373010c67b7bd90b4a119aeab1bd9c 100644
+index 46d535820841fe242d28fc726bf43bd83c36aff3..10c3acbec3aeb4030290af270ef9ba12066d7dba 100644
 --- a/src/debugger/dbg_memory.c
 +++ b/src/debugger/dbg_memory.c
 @@ -73,7 +73,7 @@ static MEMBREAKREAD(read_romd, 8);
diff --git a/debian/patches/printf_fixup.patch b/debian/patches/printf_fixup.patch
index 1a1dcf4..3af7183 100644
--- a/debian/patches/printf_fixup.patch
+++ b/debian/patches/printf_fixup.patch
@@ -35,10 +35,10 @@ index 6cd56ba7bac99e08b81374c5c2cdc900d2fb127d..99ff7a92b62a8dde15124abc7eaa070d
  {
      int l;
 diff --git a/src/main/main.h b/src/main/main.h
-index cce51116c463dd17f44cff36a82e3d5f4648598e..aa2cbc13e35fbfe32315f4c8e0bb6fd0cea42d34 100644
+index 43a57a456416194b1980ec35eb6486e95f414ddc..6dbf60832a0e8fcda70862df308c7a99d7b598c6 100644
 --- a/src/main/main.h
 +++ b/src/main/main.h
-@@ -39,7 +39,7 @@ void new_frame(void);
+@@ -40,7 +40,7 @@ void new_frame(void);
  void new_vi(void);
  
  int  main_set_core_defaults(void);
diff --git a/debian/patches/series b/debian/patches/series
index f2b4630..89da099 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 dejavu-font.patch
 printf_fixup.patch
 disable_recompiler_disassembler.patch
+config_type_switch_invalid_free.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-games/mupen64plus-core.git


