OggDropXPd (1.9.0) crashes due to heap corruption
nu774
post Jan 27 2013, 05:28

In encthread.c at around line 1482:
CODE
        if (out_fn)
            free(out_fn);
        if (enc_opts.filename)
            free(enc_opts.filename);

enc_opts.filename points to the same address as out_fn (see line 1246), hence the double free.
However, it's worse than that. out_fn (and enc_opts.filename) actually points to the stack array strFileName[] (see line 1219). So it tries to free the same stack address twice, which leads this encoding thread to a crash.
I was somewhat surprised to see that this file has not been touched since 2008, and that no one has ever complained about this bug.
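
The cleanup described in this post, reworked so that the filename lives on the heap and a shared pointer is released only once. This is an added example, not part of the original post and not OggDropXPd code; the struct, the helper names, the buffer size and the sample filename are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in: the post only names the enc_opts.filename member. */
struct enc_opts_sketch { char *filename; };

/* Pattern paraphrased from the post (exact statements assumed, not built):
 *     out_fn = strFileName;            -- stack array, never malloc'd
 *     enc_opts.filename = out_fn;      -- second pointer, same address
 *     if (out_fn) free(out_fn);
 *     if (enc_opts.filename) free(enc_opts.filename);
 */

/* Duplicate a string onto the heap so that free() is valid on the result. */
static char *heap_copy(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p) memcpy(p, s, n);
    return p;
}

/* Free *a, and *b only when it is a different allocation; NULL both.
 * Returns the number of free() calls made. Heap pointers or NULL only. */
static int release_pair(char **a, char **b) {
    int n = 0;
    if (*b == *a) *b = NULL;            /* alias: one allocation, one free */
    if (*a) { free(*a); n++; }
    if (*b) { free(*b); n++; }
    *a = *b = NULL;                     /* no dangling pointers left behind */
    return n;
}

/* Returns the number of free() calls made, or -1 on allocation failure. */
static int run_cleanup_demo(const char *name, int share_pointer) {
    char strFileName[260];              /* size is an assumption */
    struct enc_opts_sketch enc_opts = { NULL };
    char *out_fn;

    snprintf(strFileName, sizeof strFileName, "%s", name);
    out_fn = heap_copy(strFileName);    /* never hand the stack array to free() */
    if (!out_fn) return -1;
    enc_opts.filename = share_pointer ? out_fn : heap_copy(strFileName);
    return release_pair(&out_fn, &enc_opts.filename);
}

int main(void) {
    printf("aliased:  %d free(s)\n", run_cleanup_demo("constructed.ogg", 1));
    printf("separate: %d free(s)\n", run_cleanup_demo("constructed.ogg", 0));
    return 0;
}
```

Building the paraphrased pattern with AddressSanitizer (`-fsanitize=address`) reports the invalid free of a stack address at the first free() call.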