mirror of
https://github.com/TTimo/GtkRadiant.git
synced 2024-11-10 07:11:54 +00:00
Fix undefined behavior in FreeStackWinding
Fix subtraction of unrelated pointers and integer overflow in FreeStackWinding (both are undefined behavior). In rare cases "i" would non-deterministically be between 0 and 2 even though the pointers were in unrelated addresses, which caused a spurious free of one of the three windings - eventually the real free would happen, be detected as a double free and an exit(1) would ensue. Example contents of w and stack->windings that triggered this in a test: 0xa9251c0 0x7f440a924f78 Checking for pointer equality makes the behavior defined and correct: http://port70.net/~nsz/c/c99/n1256.html#6.5.9
This commit is contained in:
parent
69972f9458
commit
5e308f9056
1 changed files with 8 additions and 9 deletions
|
@ -116,16 +116,15 @@ fixedWinding_t *AllocStackWinding( pstack_t *stack ){
|
|||
void FreeStackWinding( fixedWinding_t *w, pstack_t *stack ){
|
||||
int i;
|
||||
|
||||
i = w - stack->windings;
|
||||
|
||||
if ( i < 0 || i > 2 ) {
|
||||
return; // not from local
|
||||
|
||||
for (i = 0; i < sizeof(stack->windings) / sizeof(stack->windings[0]); i++) {
|
||||
if (w == &stack->windings[i]) {
|
||||
if ( stack->freewindings[i] ) {
|
||||
Error( "FreeStackWinding: already free" );
|
||||
}
|
||||
stack->freewindings[i] = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if ( stack->freewindings[i] ) {
|
||||
Error( "FreeStackWinding: allready free" );
|
||||
}
|
||||
stack->freewindings[i] = 1;
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
Loading…
Reference in a new issue