Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 8ee91625 authored by Danny Baumann's avatar Danny Baumann
Browse files

Fix a couple of nasty heap corruption bugs. 

- When replacing the buffer pointer with another one, the allocated
  length wasn't updated. As the TI encoder relies of those being matched
up (it e.g. does a memset(pBuffer, 0, nAllocLen) at certain places), this
could lead to random memory being overwritten (or to a segfault when
reaching the end of the mapping)
- When replacing the buffer, the old buffer wasn't saved and restored
  before calling freeBuffer. This led to a different address passed to
free() than was returned by malloc(), could lead to all kinds of weird,
undefined behaviour.
parent 75b2e6d7
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment