From 3897e59e6bf05b9f6fd816387a8f40a6e77f6b9e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Chlo=C3=A9=20Vulquin?=
Date: Sat, 20 Jan 2024 01:02:46 +0100
Subject: [PATCH] Memory fixes (#1705)
* fix: free-before-init in renwin_init_surface when using sdl renderer `ren->rensurface.surface` presupposes zero-initialized rensurface. Rensurface was not actually zero-initialized. It is now.
* fix: heap buffer overflow in process_env_free `process_env_free` presupposed that it was null-terminated. Pass length to free instead.
* use calloc instead of memset for zero-init
Co-authored-by: Guldoman
---------
Co-authored-by: Guldoman
---
 src/api/process.c | 6 +++---
 src/renderer.c | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/api/process.c b/src/api/process.c
index 66f27536..7b41135d 100644
--- a/src/api/process.c
+++ b/src/api/process.c
@@ -560,12 +560,12 @@ static int process_env_add(process_env_t *env_list, size_t *env_len, const char
 }
-static void process_env_free(process_env_t *list) {
+static void process_env_free(process_env_t *list, size_t list_len) {
 if (!*list) return;
 #ifdef _WIN32
 free(*list);
 #else
- for (size_t i = 0; (*list)[i]; i++) free((*list)[i]);
+ for (size_t i = 0; i < list_len; i++) free((*list)[i]);
 free(*list);
 #endif
 *list = NULL;
@@ -830,7 +830,7 @@ static int process_start(lua_State* L) {
 }
 }
 process_arglist_free(&arglist);
- process_env_free(&env_vars);
+ process_env_free(&env_vars, env_vars_len);
 if (retval == -1) return lua_error(L);
diff --git a/src/renderer.c b/src/renderer.c
index f1c5bb54..65fa8aa6 100644
--- a/src/renderer.c
+++ b/src/renderer.c
@@ -508,7 +508,7 @@ RenWindow* ren_init(SDL_Window *win) {
 fprintf(stderr, "internal font error when starting the application\n");
 return NULL;
 }
- RenWindow* window_renderer = malloc(sizeof(RenWindow));
+ RenWindow* window_renderer = calloc(1, sizeof(RenWindow));
 window_renderer->window = win;
 renwin_init_surface(window_renderer);
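Review bot: `list_len` is never read in the `_WIN32` branch of process_env_free, and nothing on the function says what the count must cover now that the loop no longer stops at a NULL entry. Adding `(void) list_len;` next to the Windows `free(*list);` keeps `-Wunused-parameter` builds quiet, and a header comment such as `/* list_len: number of entries held in *list on POSIX; each one must be NULL or malloc'd, since the loop frees exactly that many. */` would record the invariant. process_env_add is only visible as hunk context, so it is worth confirming that it bumps `*env_len` only after the slot has been written; otherwise the free loop could still touch an unset pointer on an error path. The same count is passed at the process_start call site in the next hunk.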
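Review bot: The result of `calloc` is dereferenced on the next line (`window_renderer->window = win;`) without a NULL check, so an allocation failure in ren_init becomes a NULL write instead of the `return NULL` error path the function already uses a few lines above. A guard such as `if (!window_renderer) return NULL;` right after the allocation would close that; whether anything set up earlier in ren_init needs releasing first cannot be seen here, since the body starts and ends outside the hunk. As a style point, `calloc(1, sizeof *window_renderer)` ties the size to the variable rather than the type name.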