Welcome Guest ( Log In | Register )

OggDropXPd (1.9.0) crashes due to heap corruption
post Jan 27 2013, 05:28
Post #1

Group: Developer
Posts: 693
Joined: 22-November 10
From: Japan
Member No.: 85902

In encthread.c at around line 1482:
        if (out_fn)
        if (enc_opts.filename)

enc_opts.filename points to the same address as out_fn (see line 1246), hence the double free.
However, it's worse than that. out_fn (and enc_opts.filename) actually points to the stack array strFileName[] (see line 1219). So it tries to free same stack address twice, which leads this encoding thread to a crash.
I was somewhat surprised to see that this file is not touched after year 2008, and no one ever complained about this bug.
Go to the top of the page
+Quote Post

Posts in this topic

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:


RSS Lo-Fi Version Time is now: 1st December 2015 - 01:21