Bug 1269 - [PATCH] Fix memory leaks, null pointer dereference
Status: RESOLVED FIXED
Alias: None
Product: SDL_mixer
Classification: Unclassified
Component: misc
Version: 1.2.11
Hardware: All All
Importance: P2 normal
Assignee: Ryan C. Gordon
QA Contact: Sam Lantinga
Reported: 2011-08-07 00:27 UTC by Joshua Beck
Modified: 2011-09-14 09:24 UTC

Attachments
Patch that fixes some memory errors against current hg (1.14 KB, patch)
2011-08-07 00:27 UTC, Joshua Beck

Description Joshua Beck 2011-08-07 00:27:36 UTC
Created attachment 670
Patch that fixes some memory errors against current hg

cppcheck found these errors:

[load_flac.c:337]: (error) Memory leak: client_data
[music_cmd.c:177]: (error) Possible null pointer dereference: argv - otherwise it is redundant to check if argv is null at line 172
[mixer.c:1294]: (error) Memory leak: new_e
[mixer.c:654]: (error) Memory leak: wavecvt.buf
[playmus.c:73]: (error) fflush() called on input stream "stdin" may result in undefined behaviour
[playwave.c]: (information) Interrupted checking because of too many #ifdef configurations.
[music.c]: (information) Interrupted checking because of too many #ifdef configurations.
[timidity/readmidi.c:115]: (error) Dereferencing 's' after it is deallocated / released

I fixed the ones in mixer.c and timidity/readmidi.c. The others I didn't know if they were false positives or not.
Comment 1 Ryan C. Gordon 2011-08-24 23:21:45 UTC
This is now hg changeset 563dbb082a17, thanks!

--ryan.
Comment 2 Lee 2011-09-10 23:05:35 UTC
With this patch (in particular the change to mixer.c:654) I'm getting a segfault sometimes and when calling Mix_FreeChunk a crash in 'free'.

This is because wavecvt.buf is actually assigned to chunk->abuf and is supposed to be freed when Mix_FreeChunk is called. So when something tries to play the audio it accesses the freed memory (which can cause a segfault or random sounds), and when Mix_FreeChunk tries to free chunk->abuf it was already freed in Mix_LoadWav.
Comment 3 Ryan C. Gordon 2011-09-14 09:24:09 UTC
(In reply to comment #2)
> This is because wavecvt.buf is actually assigned to chunk->abuf and is supposed
> to be freed when Mix_FreeChunk is called. So when something tries to play the
> audio it accesses the freed memory (which can cause a segfault or random
> sounds), and when Mix_FreeChunk tries to free chunk->abuf it was already freed
> in Mix_LoadWav.

Whoops, you're right. I've fixed this in hg changeset 675a11e697c6.

Thanks!

--ryan.
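
Added example, not part of the bug thread and not SDL_mixer's code: a small C model of the ownership hand-off described in comment 2, where a converter's buffer becomes the chunk's buffer and must be released only by the chunk's free routine. The names (Converter, Chunk, load_chunk, free_chunk, the fail_convert switch and the allocation counter) are hypothetical, and the error path is an assumption made to show where a loader-side free is legitimate.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the loader's types; not SDL_mixer's definitions. */
typedef struct { unsigned char *buf; size_t len; } Converter;
typedef struct { unsigned char *abuf; size_t alen; } Chunk;

static int live_allocs;  /* blocks allocated and not yet freed */

static void *tracked_alloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void tracked_free(void *p) { if (p) { live_allocs--; free(p); } }

/* Convert src (mono to stereo by duplicating bytes) and wrap it in a Chunk.
 * fail_convert is a constructed switch that exercises the error path. */
Chunk *load_chunk(const unsigned char *src, size_t len, int fail_convert)
{
    Chunk *chunk = tracked_alloc(sizeof *chunk);
    Converter cvt = { NULL, len * 2 };
    if (chunk) cvt.buf = tracked_alloc(cvt.len);
    if (!chunk || !cvt.buf || fail_convert) {
        /* Failure: the buffer never reached a chunk, so the loader still owns it. */
        tracked_free(cvt.buf);
        tracked_free(chunk);
        return NULL;
    }
    for (size_t i = 0; i < len; i++)
        cvt.buf[2 * i] = cvt.buf[2 * i + 1] = src[i];
    /* Success: ownership moves to the chunk. Freeing cvt.buf here would leave
     * chunk->abuf dangling and make free_chunk() free it a second time. */
    chunk->abuf = cvt.buf;
    chunk->alen = cvt.len;
    cvt.buf = NULL;
    return chunk;
}

/* The single place that releases a successfully loaded buffer. */
void free_chunk(Chunk *chunk)
{
    if (!chunk) return;
    tracked_free(chunk->abuf);
    tracked_free(chunk);
}

int main(void)
{
    const unsigned char pcm[4] = { 1, 2, 3, 4 };  /* constructed sample data */
    Chunk *c = load_chunk(pcm, sizeof pcm, 0);
    printf("loaded: %d live blocks\n", live_allocs);
    free_chunk(c);
    printf("freed: %d live blocks\n", live_allocs);
    return live_allocs;
}
```

A static analyzer that looks only at the loader sees an allocation with no matching free on the success path, so a leak report at that point needs to be checked against where the pointer ends up before a free is added.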