From 4ae92ae128fcaefb098edb8123acb0d136e19e6f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Chlo=C3=A9=20Vulquin?= <code@toast.bunkerlabs.net>
Date: Sat, 20 Jan 2024 01:02:46 +0100
Subject: [PATCH] Memory fixes (#1705)

* fix: free-before-init in renwin_init_surface when using sdl renderer

`ren->rensurface.surface` presupposes zero-initialized rensurface.
Rensurface was not actually zero-initialized.
It is now.

* fix: heap buffer overflow in process_env_free

`process_env_free` presupposed that it was null-terminated.
Pass length to free instead.

* use calloc instead of memset for zero-init

Co-authored-by: Guldoman <giulio.lettieri@gmail.com>

---------

Co-authored-by: Guldoman <giulio.lettieri@gmail.com>
---
 src/api/process.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/api/process.c b/src/api/process.c
index 66f27536..7b41135d 100644
--- a/src/api/process.c
+++ b/src/api/process.c
@@ -560,12 +560,12 @@ static int process_env_add(process_env_t *env_list, size_t *env_len, const char
 }
 
 
-static void process_env_free(process_env_t *list) {
+static void process_env_free(process_env_t *list, size_t list_len) {
   if (!*list) return;
 #ifdef _WIN32
   free(*list);
 #else
-  for (size_t i = 0; (*list)[i]; i++) free((*list)[i]);
+  for (size_t i = 0; i < list_len; i++) free((*list)[i]);
   free(*list);
 #endif
   *list = NULL;
@@ -830,7 +830,7 @@ static int process_start(lua_State* L) {
     }
   }
   process_arglist_free(&arglist);
-  process_env_free(&env_vars);
+  process_env_free(&env_vars, env_vars_len);
 
   if (retval == -1)
     return lua_error(L);