Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 818068f7 authored by Danny Baumann's avatar Danny Baumann Committed by Steve Kondik
Browse files

Fix a couple of nasty heap corruption bugs. 

- When replacing the buffer pointer with another one, the allocated
  length wasn't updated. As the TI encoder relies of those being matched
up (it e.g. does a memset(pBuffer, 0, nAllocLen) at certain places), this
could lead to random memory being overwritten (or to a segfault when
reaching the end of the mapping)
- When replacing the buffer, the old buffer wasn't saved and restored
  before calling freeBuffer. This led to a different address passed to
free() than was returned by malloc(), could lead to all kinds of weird,
undefined behaviour.

Change-Id: I5e37c66d9c9405e209e5d8df3ea52d378cf44490
parent d3935fb9
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment