OggDropXPd (1.9.0) crashes due to heap corruption
nu774
post Jan 27 2013, 05:28
Post #1








In encthread.c at around line 1482:
CODE
        if (out_fn)
            free(out_fn);
        if (enc_opts.filename)
            free(enc_opts.filename);

enc_opts.filename points to the same address as out_fn (see line 1246), hence the double free.
However, it's worse than that. out_fn (and enc_opts.filename) actually points to the stack array strFileName[] (see line 1219). So it tries to free the same stack address twice, which leads this encoding thread to a crash.
I was somewhat surprised to see that this file has not been touched since 2008, and that no one ever complained about this bug.
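One way to avoid the aliasing described above, as an added example in C that is not part of the original post or the OggDropXPd source: the options struct takes its own heap copy of the name, the stack array is never passed to free(), and every free clears the pointer. The struct layout, helper names, buffer size and input are assumptions; only strFileName, out_fn and enc_opts.filename come from the post.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in: only the field name `filename` is from the post.
 * Invariant: filename is heap memory owned by the struct, or NULL. */
struct enc_options { char *filename; };

/* Free a heap pointer and clear it, so a repeated call is a no-op. */
static void free_and_clear(char **p)
{
    free(*p);                    /* free(NULL) is defined to do nothing */
    *p = NULL;
}

/* Store a private heap copy of name instead of aliasing the caller's buffer. */
static int set_output_name(struct enc_options *opts, const char *name)
{
    char *copy = malloc(strlen(name) + 1);
    if (copy == NULL)
        return -1;
    strcpy(copy, name);
    free_and_clear(&opts->filename);        /* drop any previous copy */
    opts->filename = copy;
    return 0;
}

/* Returns 1 when the options held their own copy and cleanup left no
 * dangling pointer, 0 if either check fails, -1 on allocation failure. */
static int encode_one(const char *src_name)
{
    char strFileName[260];                  /* stack buffer (size assumed) */
    struct enc_options enc_opts = { NULL };
    const char *out_fn = strFileName;       /* borrowed view: never freed */

    snprintf(strFileName, sizeof strFileName, "%s.ogg", src_name);
    if (set_output_name(&enc_opts, out_fn) != 0)
        return -1;
    int distinct = enc_opts.filename != out_fn
                   && strcmp(enc_opts.filename, out_fn) == 0;
    free_and_clear(&enc_opts.filename);     /* the only free: the heap copy */
    free_and_clear(&enc_opts.filename);     /* repeated cleanup is harmless */
    return distinct && enc_opts.filename == NULL;
}

int main(void)
{
    printf("encode_one: %d\n", encode_one("track01"));   /* constructed input */
    return 0;
}
```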
john33
post Jan 27 2013, 10:19
Post #2


xcLame and OggDropXPd Developer





QUOTE (nu774 @ Jan 27 2013, 04:28)
In encthread.c at around line 1482:
CODE
        if (out_fn)
            free(out_fn);
        if (enc_opts.filename)
            free(enc_opts.filename);

enc_opts.filename points to the same address as out_fn (see line 1246), hence the double free.
However, it's worse than that. out_fn (and enc_opts.filename) actually points to the stack array strFileName[] (see line 1219). So it tries to free the same stack address twice, which leads this encoding thread to a crash.
I was somewhat surprised to see that this file has not been touched since 2008, and that no one ever complained about this bug.

Thanks for the interest. I'll look into this when I return home later.


--------------------
John
----------------------------------------------------------------
My compiles and utilities are at http://www.rarewares.org/