forked from pool/SDL2_mixer
Jan Engelhardt
0e928cc603
SDL2_mixer was not respecting the order of object destruction. This adds an upstream patch to prevent fluidsynth >= 2.1.6 from crashing: https://hg.libsdl.org/SDL_mixer/rev/b0afe341a91d
OBS-URL: https://build.opensuse.org/request/show/865484
OBS-URL: https://build.opensuse.org/package/show/games/SDL2_mixer?expand=0&rev=24
31 lines
1.4 KiB
Diff
From adee41d0c5211142c3422c889dcda8ccf9aad34f Mon Sep 17 00:00:00 2001
From: Sam Lantinga <slouken@libsdl.org>
Date: Wed, 20 Jan 2021 10:17:10 -0800
Subject: [PATCH] Fixed use-after-free in music_fluidsynth.c

Tom M.

There is a dangerous use-after-free in FLUIDSYNTH_Delete(): the settings object is deleted **before** the synth. Since the settings have been created first to initialize the synth, you must first delete the synth and then delete the settings. This currently crashes all applications that use fluidsynth 2.1.6 and SDL2_mixer.

Originally reported at https://github.com/FluidSynth/fluidsynth/issues/748
---
src/codecs/music_fluidsynth.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/codecs/music_fluidsynth.c b/src/codecs/music_fluidsynth.c
index 8667f0d9..a47247f4 100644
--- a/music_fluidsynth.c 2018-10-31 15:59:00.000000000 +0100
+++ b/music_fluidsynth.c 2021-01-20 18:29:11.610459000 +0100
@@ -273,9 +273,10 @@
static void FLUIDSYNTH_Delete(void *context)
{
FLUIDSYNTH_Music *music = (FLUIDSYNTH_Music *)context;
+ fluid_settings_t *settings = fluidsynth.fluid_synth_get_settings(music->synth);
fluidsynth.delete_fluid_player(music->player);
- fluidsynth.delete_fluid_settings(fluidsynth.fluid_synth_get_settings(music->synth));
fluidsynth.delete_fluid_synth(music->synth);
+ fluidsynth.delete_fluid_settings(settings);
SDL_free(music);
}
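Review bot: In FLUIDSYNTH_Delete(), the new `settings` local is the only thing keeping the teardown order correct, and nothing in the code says so. A short comment above `fluid_settings_t *settings = ...` stating that the settings pointer must be fetched before, and freed after, `delete_fluid_synth()` would stop a later cleanup from folding the lookup back into the `delete_fluid_settings()` call and reintroducing the use-after-free. The added lookup also dereferences `music->synth` with no NULL guard visible in the hunk; if this function can be reached for a partially created object, check `music` and `music->synth` before calling `fluid_synth_get_settings()`.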