svn commit: r440737 - in branches/2017Q2/games/acm: . files
Jan Beich
jbeich at FreeBSD.org
Fri May 12 22:35:55 UTC 2017
Author: jbeich
Date: Fri May 12 22:35:53 2017
New Revision: 440737
URL: https://svnweb.freebsd.org/changeset/ports/440737
Log:
MFH: r440736
games/acm: prevent free()ing unitialized data
acm may coredump immediately after starting on systems which do not
zero malloc()ed memory e.g., MALLOC_CONF=junk:true. This is because
one of the fields of a malloc()ed data structure (w) contains a
pointer (w->csPool2), and if that pointer is never used, then later
code will find the pointer is non-NULL and try to free() the memory
pointed to by the pointer.
PR: 215427
Submitted by: Jeff Gibbons <jgibbons at protogate.com>
Approved by: ports-secteam blanket
Added:
branches/2017Q2/games/acm/files/patch-V_lib_InitAWin.c
- copied unchanged from r440736, head/games/acm/files/patch-V_lib_InitAWin.c
Modified:
branches/2017Q2/games/acm/Makefile
Directory Properties:
branches/2017Q2/ (props changed)
Modified: branches/2017Q2/games/acm/Makefile
==============================================================================
--- branches/2017Q2/games/acm/Makefile Fri May 12 22:33:54 2017 (r440736)
+++ branches/2017Q2/games/acm/Makefile Fri May 12 22:35:53 2017 (r440737)
@@ -3,7 +3,7 @@
PORTNAME= acm
PORTVERSION= 5.0
-PORTREVISION= 2
+PORTREVISION= 3
CATEGORIES= games
MASTER_SITES= http://mirror.amdmi3.ru/distfiles/
Copied: branches/2017Q2/games/acm/files/patch-V_lib_InitAWin.c (from r440736, head/games/acm/files/patch-V_lib_InitAWin.c)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2017Q2/games/acm/files/patch-V_lib_InitAWin.c Fri May 12 22:35:53 2017 (r440737, copy of r440736, head/games/acm/files/patch-V_lib_InitAWin.c)
@@ -0,0 +1,16 @@
+--- V/lib/InitAWin.c.orig 1998-08-14 21:09:02 UTC
++++ V/lib/InitAWin.c
+@@ -69,6 +69,13 @@ InitializeX11AWindow(Display * dpy, int screen, Drawab
+ w->csPool1 = (ColorSegment *) malloc(w->CSSize1 * sizeof(ColorSegment));
+ memset(w->csPool1, 0, w->CSSize1 * sizeof(ColorSegment));
+
++ // Initialize csPool2 so program doesn't crash later,
++ // when trying to free it.
++ {
++ w->CSSize2 = 0;
++ w->csPool2 = (ColorSegment *) NULL;
++ }
++
+ w->scanLine = (ScanLine *) malloc((w->height + 1) * sizeof(ScanLine));
+ w->lastScanLine = (ScanLine *) malloc((w->height + 1) * sizeof(ScanLine));
+ w->otherLastScanLine = NULL;
More information about the svn-ports-all
mailing list