Bug 215427 - [patch] games/acm coredumps immediately on start
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Jan Beich
Keywords: patch
Reported: 2016-12-19 19:48 UTC by Jeff Gibbons
Modified: 2017-05-12 22:37 UTC (History)

Attachments
A new file which should be added to /usr/ports/games/acm/files/ to add code to V/lib/InitAWin.c to zero w->csPool2 after malloc()ing w. (616 bytes, text/plain)
2016-12-19 19:48 UTC, Jeff Gibbons

Description Jeff Gibbons 2016-12-19 19:48:06 UTC
Created attachment 178115
A new file which should be added to /usr/ports/games/acm/files/ to add code to V/lib/InitAWin.c to zero w->csPool2 after malloc()ing w.

games/acm may coredump immediately after starting on systems which do not zero malloc()ed memory.  This is because one of the fields of a malloc()ed data structure (w) contains a pointer (w->csPool2), and if that pointer is never used, then later code will find the pointer is non-NULL and try to free() the memory pointed to by the pointer.  The attached patch adds code to set the pointer to NULL after the initial malloc() call, so later code does not try to free() it.
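
The failure mode described in the report, reduced to a stand-alone C sketch (an added example, not code from acm or from the attached patch). The `AWindow` layout, the function names and the 0xa5 fill byte are assumptions made for illustration; only the `csPool2` field name comes from the report.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the struct malloc()ed as "w" in the report. */
typedef struct {
    int   width, height;
    void *csPool2;            /* optional pool; may never be assigned */
} AWindow;

/* malloc() that fills the block with a non-zero byte, so the example behaves
   the same everywhere as an allocator that does not hand back zeroed memory. */
static void *junk_malloc(size_t n) {
    void *p = malloc(n);
    if (p) memset(p, 0xa5, n);
    return p;
}

/* "Before": initializes the fields it uses and never touches csPool2. */
AWindow *init_unpatched(void) {
    AWindow *w = junk_malloc(sizeof *w);
    if (!w) return NULL;
    w->width = 640; w->height = 480;
    return w;
}

/* "After": same, plus the NULL assignment the report says the patch adds. */
AWindow *init_patched(void) {
    AWindow *w = junk_malloc(sizeof *w);
    if (!w) return NULL;
    w->width = 640; w->height = 480;
    w->csPool2 = NULL;
    return w;
}

/* The decision later cleanup code makes: non-NULL means "free() it". */
int cleanup_would_free(const AWindow *w) { return w->csPool2 != NULL; }

void destroy(AWindow *w) {
    if (w->csPool2) free(w->csPool2);
    free(w);
}

int main(void) {
    AWindow *bad = init_unpatched(), *good = init_patched();
    if (!bad || !good) return 1;
    printf("unpatched: cleanup would free(%p)\n", bad->csPool2);
    printf("patched:   cleanup would free? %d\n", cleanup_would_free(good));
    free(bad);      /* destroy(bad) would pass a junk pointer to free() */
    destroy(good);  /* safe: csPool2 is NULL, only w itself is freed */
    return 0;
}
```

Allocating with `calloc()` instead of `malloc()` would also leave `csPool2` zeroed, at the cost of clearing the whole struct.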
Comment 1 commit-hook freebsd_committer freebsd_triage 2017-05-12 22:34:25 UTC
A commit references this bug:

Author: jbeich
Date: Fri May 12 22:33:55 UTC 2017
New revision: 440736
URL: https://svnweb.freebsd.org/changeset/ports/440736

Log:
  games/acm: prevent free()ing uninitialized data

  acm may coredump immediately after starting on systems which do not
  zero malloc()ed memory e.g., MALLOC_CONF=junk:true. This is because
  one of the fields of a malloc()ed data structure (w) contains a
  pointer (w->csPool2), and if that pointer is never used, then later
  code will find the pointer is non-NULL and try to free() the memory
  pointed to by the pointer.

  PR:		215427
  Submitted by:	Jeff Gibbons <jgibbons@protogate.com>

Changes:
  head/games/acm/Makefile
  head/games/acm/files/patch-V_lib_InitAWin.c
Comment 2 commit-hook freebsd_committer freebsd_triage 2017-05-12 22:36:29 UTC
A commit references this bug:

Author: jbeich
Date: Fri May 12 22:35:53 UTC 2017
New revision: 440737
URL: https://svnweb.freebsd.org/changeset/ports/440737

Log:
  MFH: r440736

  games/acm: prevent free()ing uninitialized data

  acm may coredump immediately after starting on systems which do not
  zero malloc()ed memory e.g., MALLOC_CONF=junk:true. This is because
  one of the fields of a malloc()ed data structure (w) contains a
  pointer (w->csPool2), and if that pointer is never used, then later
  code will find the pointer is non-NULL and try to free() the memory
  pointed to by the pointer.

  PR:		215427
  Submitted by:	Jeff Gibbons <jgibbons@protogate.com>
  Approved by:	ports-secteam blanket

Changes:
_U  branches/2017Q2/
  branches/2017Q2/games/acm/Makefile
  branches/2017Q2/games/acm/files/patch-V_lib_InitAWin.c