File 0001-use-after-free-fluidsynth.patch of Package SDL2_mixer

Overview Repositories Revisions Requests Users Attributes Meta

File 0001-use-after-free-fluidsynth.patch of Package SDL2_mixer

From adee41d0c5211142c3422c889dcda8ccf9aad34f Mon Sep 17 00:00:00 2001
From: Sam Lantinga <slouken@libsdl.org>
Date: Wed, 20 Jan 2021 10:17:10 -0800
Subject: [PATCH] Fixed use-after-free in music_fluidsynth.c

Tom M.

There is a dangerous use-after-free in FLUIDSYNTH_Delete(): the settings object is deleted **before** the synth. Since the settings have been created first to initialize the synth, you must first delete the synth and then delete the settings. This currently crashes all applications that use fluidsynth 2.1.6 and SDL2_mixer.

Originally reported at https://github.com/FluidSynth/fluidsynth/issues/748
---
 src/codecs/music_fluidsynth.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/codecs/music_fluidsynth.c b/src/codecs/music_fluidsynth.c
index 8667f0d9..a47247f4 100644
--- a/music_fluidsynth.c	2018-10-31 15:59:00.000000000 +0100
+++ b/music_fluidsynth.c	2021-01-20 18:29:11.610459000 +0100
@@ -273,9 +273,10 @@
 static void FLUIDSYNTH_Delete(void *context)
 {
     FLUIDSYNTH_Music *music = (FLUIDSYNTH_Music *)context;
+    fluid_settings_t *settings = fluidsynth.fluid_synth_get_settings(music->synth);
     fluidsynth.delete_fluid_player(music->player);
-    fluidsynth.delete_fluid_settings(fluidsynth.fluid_synth_get_settings(music->synth));
     fluidsynth.delete_fluid_synth(music->synth);
+    fluidsynth.delete_fluid_settings(settings);
     SDL_free(music);
 }

Places

File 0001-use-after-free-fluidsynth.patch of Package SDL2_mixer

Places