qf/quakeforge
0
0
Fork 0
mirror of https://git.code.sf.net/p/quake/quakeforge synced 2025-04-15 22:01:01 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ui] Plug a memory leak and use-after-free in imui

Browse source 
The leak was due to forgetting to reset the links array, and
use-after-free needed running through the imui_reference pool to reset
any owning links.
This commit is contained in:
Bill Currie 2024-01-03 18:53:09 +09:00
parent bfa7c1722a
commit 929b1f0662
1 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
libs/ui/imui.c
View file

@ -324,6 +324,15 @@ IMUI_DestroyContext (imui_ctx_t *ctx)
Hash_DelTable (ctx->tab);
Hash_DelContext (ctx->hashctx);
Shaper_Delete (ctx->shaper);
auto reg = ctx->csys.reg;
auto pool = &reg->comp_pools[c_reference];
for (uint32_t i = 0; i < pool->count; i++) {
auto ref = &((imui_reference_t *)pool->data)[i];
if (ref->ctx == ctx) {
ref->ctx = 0;
}
}
free (ctx);
}
@ -421,6 +430,7 @@ IMUI_BeginFrame (imui_ctx_t *ctx)
ctx->draw_order = imui_draw_order (ctx->windows.size);
DARRAY_RESIZE (&ctx->parent_stack, 0);
DARRAY_RESIZE (&ctx->windows, 0);
DARRAY_RESIZE (&ctx->links, 0);
DARRAY_RESIZE (&ctx->style_stack, 0);
ctx->current_menu = 0;
}