We are currently migrating Bugzilla to GitHub issues.
Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.
When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.

Bug 1269

Summary: [PATCH] Fix memory leaks, null pointer dereference
Product: SDL_mixer Reporter: Joshua Beck <b10654934>
Component: miscAssignee: Ryan C. Gordon <icculus>
Status: RESOLVED FIXED QA Contact: Sam Lantinga <slouken>
Severity: normal    
Priority: P2 CC: leyland.needham
Version: 1.2.11   
Hardware: All   
OS: All   
Attachments: Patch that fixes some memory errors against current hg

Description Joshua Beck 2011-08-07 00:27:36 UTC 
Created attachment 670 [details]
Patch that fixes some memory errors against current hg

cppcheck found these errors:

[load_flac.c:337]: (error) Memory leak: client_data
[music_cmd.c:177]: (error) Possible null pointer dereference: argv - otherwise it is redundant to check if argv is null at line 172
[mixer.c:1294]: (error) Memory leak: new_e
[mixer.c:654]: (error) Memory leak: wavecvt.buf
[playmus.c:73]: (error) fflush() called on input stream "stdin" may result in undefined behaviour
[playwave.c]: (information) Interrupted checking because of too many #ifdef configurations.
[music.c]: (information) Interrupted checking because of too many #ifdef configurations.
[timidity/readmidi.c:115]: (error) Dereferencing 's' after it is deallocated / released

I fixed the ones in mixer.c and timidity/readmidi.c. The others I didn't know if they were false positives or not.
Comment 1 Ryan C. Gordon 2011-08-24 23:21:45 UTC 
This is now hg changeset 563dbb082a17, thanks!

--ryan.
Comment 2 Lee 2011-09-10 23:05:35 UTC 
With this patch (in particular the change to mixer.c:654) I'm getting a segfault sometimes and when calling Mix_FreeChunk a crash in 'free'.

This is because wavecvt.buf is actually assigned to chunk->abuf and is supposed to be freed when Mix_FreeChunk is called. So when something tries to play the audio it accesses the freed memory (which can cause a segfault or random sounds), and when Mix_FreeChunk tries to free chunk->abuf it was already freed in Mix_LoadWav.
Comment 3 Ryan C. Gordon 2011-09-14 09:24:09 UTC 
(In reply to comment #2)
> This is because wavecvt.buf is actually assigned to chunk->abuf and is supposed
> to be freed when Mix_FreeChunk is called. So when something tries to play the
> audio it accesses the freed memory (which can cause a segfault or random
> sounds), and when Mix_FreeChunk tries to free chunk->abuf it was already freed
> in Mix_LoadWav.

Whoops, you're right. I've fixed this in hg changeset 675a11e697c6.

Thanks!

--ryan.