Opened 11 years ago

Closed 11 years ago

Last modified 11 years ago

#11556 closed Patch - Bug Fix (fixed)

Fix for use after free bug in ParseText.cpp (potential memory corruption/crash)

Reported by: Gary Buhrmaster <gary.buhrmaster@…>
Owned by: Gary Buhrmaster <gary.buhrmaster@…>
Priority: minor
Milestone: 0.27
Component: MythTV - General
Version: Master Head
Severity: medium
Keywords:
Cc:
Ticket locked: no

Description

Static analysis (scan-build) detected a use of memory after free (realloc). The new string address should be used rather than the old string address. This patch moves the assignment of the new address to before the use. In addition, to follow the stated conventions, the string is zero terminated (even though this is not really a string). Both changes are consistent with the other code involving this member variable. The code dates from ~2004/6, and this looks like a copy/paste error sometime in the past.

https://github.com/garybuhrmaster/mythtv/commit/df4aef6acf73e31f6399ce4c30c2d508e26c72a1
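
The bug class and the fix described in this ticket, as an added example rather than the MythTV code: `struct tokbuf`, `tokbuf_push` and the other names are hypothetical, and the buggy variant is compiled only when `DEMO_BUGGY` is defined.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical token buffer; names are illustrative, not MythTV's. */
struct tokbuf {
    unsigned char *data; /* heap block, kept zero terminated */
    size_t len;          /* bytes stored, terminator excluded */
};

#ifdef DEMO_BUGGY /* off by default; build with -DDEMO_BUGGY for an analyzer */
/* BEFORE: writes through the old address, which realloc() may have freed. */
int tokbuf_push_buggy(struct tokbuf *t, unsigned char byte)
{
    unsigned char *p = realloc(t->data, t->len + 2);
    if (p == NULL)
        return -1;
    t->data[t->len++] = byte; /* use after free if the block moved */
    t->data = p;              /* member updated one statement too late */
    return 0;
}
#endif

/* AFTER: adopt the new address first, then write and zero terminate. */
int tokbuf_push(struct tokbuf *t, unsigned char byte)
{
    unsigned char *p = realloc(t->data, t->len + 2);
    if (p == NULL)
        return -1; /* t->data is untouched and still valid */
    t->data = p;
    t->data[t->len++] = byte;
    t->data[t->len] = 0;
    return 0;
}

/* Push each byte of src; returns the final length, or 0 on failure. */
size_t tokbuf_fill(struct tokbuf *t, const char *src)
{
    for (size_t i = 0; src[i] != '\0'; i++)
        if (tokbuf_push(t, (unsigned char)src[i]) != 0)
            return 0;
    return t->len;
}

int main(void)
{
    struct tokbuf t = {NULL, 0};
    size_t n = tokbuf_fill(&t, "constructed sample input");
    if (n) printf("%zu bytes: %s\n", n, (char *)t.data);
    free(t.data);
    return n == 24 ? 0 : 1;
}
```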

Change History (2)

comment:1 Changed 11 years ago by Gary Buhrmaster <gary.buhrmaster@…>

Owner: set to Gary Buhrmaster <gary.buhrmaster@…>
Resolution: fixed
Status: new → closed

In 63687f832a105956e8e070306cc81d85b5f9945e/mythtv:

Fix use after free (realloc) in ParseText.cpp

Static analysis detected a use after free (realloc). The
member variable should use the new string address, and it
is assigned the new string address after the usage. This
looks to be a copy/paste error sometime in the past. In
addition, follow the stated convention and null terminate
the string, just in case.
(cherry picked from commit df4aef6acf73e31f6399ce4c30c2d508e26c72a1)

Signed-off-by: Stuart Morgan <smorgan@…>

Fixes #11556

comment:2 Changed 11 years ago by paulh

Milestone: unknown → 0.27