Debugger: Fix use-after-free in breakpoint clearing code
Jeffrey Pfau jeffrey@endrift.com
Wed, 22 Apr 2015 21:24:02 -0700
2 files changed,
14 insertions(+),
7 deletions(-)
M
CHANGES
→
CHANGES
@@ -18,6 +18,7 @@ - GBA Memory: Fix 32-bit loads from unaddress cartridge space
- Qt: Fix multiplayer windows opening as the wrong size - Qt: Fix controllers sometimes not loading the right profile - GBA: Fix hang when loading a savestate if sync to video is enabled + - Debugger: Fix use-after-free in breakpoint clearing code Misc: - Qt: Show multiplayer numbers in window title - Qt: Solar sensor can have shortcuts set
M
src/debugger/debugger.c
→
src/debugger/debugger.c
@@ -149,11 +149,14 @@
void ARMDebuggerClearBreakpoint(struct ARMDebugger* debugger, uint32_t address) { struct DebugBreakpoint** previous = &debugger->breakpoints; struct DebugBreakpoint* breakpoint; - for (; (breakpoint = *previous); previous = &breakpoint->next) { + struct DebugBreakpoint** next; + while ((breakpoint = *previous)) { + next = &breakpoint->next; if (breakpoint->address == address) { - *previous = breakpoint->next; + *previous = *next; free(breakpoint); } + previous = next; } }@@ -169,12 +172,15 @@ }
void ARMDebuggerClearWatchpoint(struct ARMDebugger* debugger, uint32_t address) { struct DebugWatchpoint** previous = &debugger->watchpoints; - struct DebugWatchpoint* breakpoint; - for (; (breakpoint = *previous); previous = &breakpoint->next) { - if (breakpoint->address == address) { - *previous = breakpoint->next; - free(breakpoint); + struct DebugWatchpoint* watchpoint; + struct DebugWatchpoint** next; + while ((watchpoint = *previous)) { + next = &watchpoint->next; + if (watchpoint->address == address) { + *previous = *next; + free(watchpoint); } + previous = next; } if (!debugger->watchpoints) { ARMDebuggerRemoveMemoryShim(debugger);