[packages/freewheeling] fix 'double free' crash on loop delete
jajcus
jajcus at pld-linux.org
Fri Mar 17 13:44:20 CET 2017
commit 3676ae664a0585c4e8536fe27d99ed44f4a553c0
Author: Jacek Konieczny <j.konieczny at eggsoft.pl>
Date: Fri Mar 17 13:43:36 2017 +0100
fix 'double free' crash on loop delete
double_free.patch | 35 +++++++++++++++++++++++++++++++++++
freewheeling.spec | 4 +++-
2 files changed, 38 insertions(+), 1 deletion(-)
---
diff --git a/freewheeling.spec b/freewheeling.spec
index d0bb26c..9f47a8f 100644
--- a/freewheeling.spec
+++ b/freewheeling.spec
@@ -4,7 +4,7 @@
Summary: Freewheeling Live Looper
Name: freewheeling
Version: 0.6.1
-Release: 0.git.1
+Release: 0.git.2
License: GPL v2
Group: Applications
Source0: https://github.com/free-wheeling/freewheeling/archive/%{commit}/%{name}-%{commit}.tar.gz
@@ -12,6 +12,7 @@ Source0: https://github.com/free-wheeling/freewheeling/archive/%{commit}/%{name}
Patch0: format_string.patch
Patch1: destdir.patch
Patch2: config.patch
+Patch3: double_free.patch
URL: https://github.com/free-wheeling/freewheeling/
BuildRequires: SDL-devel
BuildRequires: SDL_gfx-devel
@@ -41,6 +42,7 @@ interface for instrumentalists to capture audio loops in real-time.
%patch0 -p1
%patch1 -p1
%patch2 -p1
+%patch3 -p1
%build
%{__libtoolize}
diff --git a/double_free.patch b/double_free.patch
new file mode 100644
index 0000000..c205a25
--- /dev/null
+++ b/double_free.patch
@@ -0,0 +1,35 @@
+diff -dur freewheeling-4a03065f9d2f520cbd37dd560b4cae5685418153.orig/src/fweelin_block.cc freewheeling-4a03065f9d2f520cbd37dd560b4cae5685418153/src/fweelin_block.cc
+--- freewheeling-4a03065f9d2f520cbd37dd560b4cae5685418153.orig/src/fweelin_block.cc 2017-02-24 19:47:23.000000000 +0100
++++ freewheeling-4a03065f9d2f520cbd37dd560b4cae5685418153/src/fweelin_block.cc 2017-03-17 11:14:39.000000000 +0100
+@@ -1000,7 +1000,10 @@
+ BlockExtendedData *curxt = cur->xt;
+ while (curxt != 0) {
+ BlockExtendedData *tmpxt = curxt->next;
+- delete curxt;
++ if (curxt->GetType() == T_BED_ExtraChannel)
++ ((BED_ExtraChannel *)curxt)->RTDelete();
++ else
++ delete curxt;
+ curxt = tmpxt;
+ }
+
+diff -dur freewheeling-4a03065f9d2f520cbd37dd560b4cae5685418153.orig/src/fweelin_mem.h freewheeling-4a03065f9d2f520cbd37dd560b4cae5685418153/src/fweelin_mem.h
+--- freewheeling-4a03065f9d2f520cbd37dd560b4cae5685418153.orig/src/fweelin_mem.h 2017-02-24 19:47:23.000000000 +0100
++++ freewheeling-4a03065f9d2f520cbd37dd560b4cae5685418153/src/fweelin_mem.h 2017-03-17 11:12:46.000000000 +0100
+@@ -132,12 +132,10 @@
+ exit(1);
+ };
+ void operator delete(void *d) {
+- //printf("ERROR: Preallocated type can not be deleted directly\n");
+- //exit(1);
+-
+- // We used to give an error message-
+- // now we pass this delete on to RTDelete
+- ((Preallocated *) d)->RTDelete();
++ // cannot pass to RTDelete as this would end with two delete executed
++ // and destructor called twice
++ printf("ERROR: Preallocated type can not be deleted directly\n");
++ exit(1);
+ }
+
+ // Realtime-safe function to get a new instance of this class
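Review bot: The `else delete curxt;` branch in the fweelin_block.cc hunk becomes a hard exit for any other BlockExtendedData subtype that inherits from Preallocated, because the fweelin_mem.h hunk makes `Preallocated::operator delete` call `exit(1)` and only `T_BED_ExtraChannel` is routed to `RTDelete()`. The class hierarchy is not visible here, so the other extended-data types, and any remaining direct `delete` of a Preallocated object elsewhere in the tree, should be checked; each call site that was missed now ends the process where it used to double-free. A comment above the branch such as `// Preallocated types must go through RTDelete(); plain delete exits the process` would record the rule for the next maintainer. The diagnostic would also be better sent to stderr, `fprintf(stderr, "ERROR: Preallocated type can not be deleted directly\n");`. Both changed bodies start outside their hunks, so the surrounding loop and class were not reviewed.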
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/freewheeling.git/commitdiff/3676ae664a0585c4e8536fe27d99ed44f4a553c0