
mGBA Game Boy Advance Emulator

Fix path name use-after-free
Jeffrey Pfau jeffrey@endrift.com
Tue, 14 Oct 2014 23:15:31 -0700
commit

c60a5ea545fa1dac37732f7c4e260a2e2a7e31a3

parent

fdf2ce299c8666486ac539d5750351f2ce62a670

1 files changed, 5 insertions(+), 1 deletions(-)

M src/platform/qt/GameController.cppsrc/platform/qt/GameController.cpp

@@ -126,7 +126,7 @@

m_pauseAfterFrame = false; m_threadContext.rom = VFileFromFD(m_rom->handle());
- m_threadContext.fname = path.toLocal8Bit().constData();
+ m_threadContext.fname = strdup(path.toLocal8Bit().constData());
GBAThreadStart(&m_threadContext); }
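Review bot: `strdup` returns a null pointer when allocation fails, and the result is passed on to `GBAThreadStart` unchecked; whether the emulation thread tolerates a null `fname` is not visible here. The assignment also overwrites whatever `fname` held before, so an earlier copy leaks unless the cleanup added in the second hunk has always run first. Letting a `QByteArray` member own the bytes would tie the lifetime to the controller and remove both the manual `free` and the `const_cast`, for example `m_fname = path.toLocal8Bit();` followed by `m_threadContext.fname = m_fname.constData();`, where `m_fname` is a new member. The enclosing function starts outside the hunk, so the paths leading to this line cannot be checked from here.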

@@ -137,6 +137,10 @@ return;

} GBAThreadEnd(&m_threadContext); GBAThreadJoin(&m_threadContext);
+ if (m_threadContext.fname) {
+ free(const_cast<char*>(m_threadContext.fname));
+ m_threadContext.fname = nullptr;
+ }
if (m_rom) { m_rom->close(); delete m_rom;
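Review bot: The new `free` sits after the early `return;` shown in the hunk header, so the copy made by `strdup` in the first hunk is released only when this function runs through to the join. If the early return can be taken, or the controller destroyed, while `fname` is still set, the string leaks; the function starts and ends outside the hunk, so this cannot be confirmed from here. Freeing after `GBAThreadJoin` is the right order, since the thread may read `fname` until it has stopped. A comment would keep it that way: `// fname is strdup'd by the controller; release it only after the thread has been joined`.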