Mercurial > sdl-ios-xcode
comparison src/audio/SDL_wave.c @ 4158:96ce26f24b01 SDL-1.2
Date: Sun, 7 Sep 2008 15:17:00 +0200
From: c2woody@gmx.net
Subject: [SDL] SDL 1.2 doube free/pointer zeroing missing
Hello,
this is about a crash/debug breakage for the current SDL 1.2
source tree (today's svn checkout, same problem in 1.2.13 and
before as far as relevant).
In some places memory is free()d but the associated pointer
is not zeroed, leading to for example double free()s.
For me this happened because SDL_StopEventThread() was executed
twice (during restart of the subsystems), once for the close
down in SDL_VideoQuit() and once at the startup, right at the
beginning of SDL_StartEventLoop(). Thus the code
SDL_DestroyMutex(SDL_EventQ.lock);
(see SDL_events.c) was called twice and executed the SDL_free(mutex);
twice as well, leading to a crash (msvc 64bit for which it was noticed).
I've tried to check all other occurrences of SDL_free and similar
code in msvc, see the attached patch (udiff against revision 4082).
Non-windows only codepaths have neither been checked nor touched.
Comments/ideas welcome.
Attached patch: NULLifies some pointers after they have been free()d.
| author | Sam Lantinga <slouken@libsdl.org> |
|---|---|
| date | Wed, 12 Nov 2008 17:23:40 +0000 |
| parents | 7995cc87b777 |
| children | a1b03ba2fcd0 |
comparison
equal
deleted
inserted
replaced
| 4157:baf615f9f2a0 | 4158:96ce26f24b01 |
|---|---|
| 438 /* Read the audio data format chunk */ | 438 /* Read the audio data format chunk */ |
| 439 chunk.data = NULL; | 439 chunk.data = NULL; |
| 440 do { | 440 do { |
| 441 if ( chunk.data != NULL ) { | 441 if ( chunk.data != NULL ) { |
| 442 SDL_free(chunk.data); | 442 SDL_free(chunk.data); |
| 443 chunk.data = NULL; | |
| 443 } | 444 } |
| 444 lenread = ReadChunk(src, &chunk); | 445 lenread = ReadChunk(src, &chunk); |
| 445 if ( lenread < 0 ) { | 446 if ( lenread < 0 ) { |
| 446 was_error = 1; | 447 was_error = 1; |
| 447 goto done; | 448 goto done; |
| 520 /* Read the audio data chunk */ | 521 /* Read the audio data chunk */ |
| 521 *audio_buf = NULL; | 522 *audio_buf = NULL; |
| 522 do { | 523 do { |
| 523 if ( *audio_buf != NULL ) { | 524 if ( *audio_buf != NULL ) { |
| 524 SDL_free(*audio_buf); | 525 SDL_free(*audio_buf); |
| 526 *audio_buf = NULL; | |
| 525 } | 527 } |
| 526 lenread = ReadChunk(src, &chunk); | 528 lenread = ReadChunk(src, &chunk); |
| 527 if ( lenread < 0 ) { | 529 if ( lenread < 0 ) { |
| 528 was_error = 1; | 530 was_error = 1; |
| 529 goto done; | 531 goto done; |
| 589 return(-1); | 591 return(-1); |
| 590 } | 592 } |
| 591 if ( SDL_RWread(src, chunk->data, chunk->length, 1) != 1 ) { | 593 if ( SDL_RWread(src, chunk->data, chunk->length, 1) != 1 ) { |
| 592 SDL_Error(SDL_EFREAD); | 594 SDL_Error(SDL_EFREAD); |
| 593 SDL_free(chunk->data); | 595 SDL_free(chunk->data); |
| 596 chunk->data = NULL; | |
| 594 return(-1); | 597 return(-1); |
| 595 } | 598 } |
| 596 return(chunk->length); | 599 return(chunk->length); |
| 597 } | 600 } |