Date:      Fri, 12 May 2017 22:33:55 +0000 (UTC)
From:      Jan Beich <jbeich@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r440736 - in head/games/acm: . files
Message-ID:  <201705122233.v4CMXtwn073752@repo.freebsd.org>

Author: jbeich
Date: Fri May 12 22:33:54 2017
New Revision: 440736
URL: https://svnweb.freebsd.org/changeset/ports/440736

Log:
  games/acm: prevent free()ing uninitialized data
  
  acm may coredump immediately after starting on systems which do not
  zero malloc()ed memory e.g., MALLOC_CONF=junk:true. This is because
  one of the fields of a malloc()ed data structure (w) contains a
  pointer (w->csPool2), and if that pointer is never used, then later
  code will find the pointer is non-NULL and try to free() the memory
  pointed to by the pointer.
  
  PR:		215427
  Submitted by:	Jeff Gibbons <jgibbons@protogate.com>

Added:
  head/games/acm/files/patch-V_lib_InitAWin.c   (contents, props changed)
Modified:
  head/games/acm/Makefile

Modified: head/games/acm/Makefile
==============================================================================
--- head/games/acm/Makefile	Fri May 12 21:52:08 2017	(r440735)
+++ head/games/acm/Makefile	Fri May 12 22:33:54 2017	(r440736)
@@ -3,7 +3,7 @@
 
 PORTNAME=	acm
 PORTVERSION=	5.0
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	games
 MASTER_SITES=	http://mirror.amdmi3.ru/distfiles/
 

Added: head/games/acm/files/patch-V_lib_InitAWin.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/games/acm/files/patch-V_lib_InitAWin.c	Fri May 12 22:33:54 2017	(r440736)
@@ -0,0 +1,16 @@
+--- V/lib/InitAWin.c.orig	1998-08-14 21:09:02 UTC
++++ V/lib/InitAWin.c
+@@ -69,6 +69,13 @@ InitializeX11AWindow(Display * dpy, int screen, Drawab
+ 	w->csPool1 = (ColorSegment *) malloc(w->CSSize1 * sizeof(ColorSegment));
+ 	memset(w->csPool1, 0, w->CSSize1 * sizeof(ColorSegment));
+ 
++	// Initialize csPool2 so program doesn't crash later,
++	// when trying to free it.
++	{
++		w->CSSize2 = 0;
++		w->csPool2 = (ColorSegment *) NULL;
++	}
++
+ 	w->scanLine = (ScanLine *) malloc((w->height + 1) * sizeof(ScanLine));
+ 	w->lastScanLine = (ScanLine *) malloc((w->height + 1) * sizeof(ScanLine));
+ 	w->otherLastScanLine = NULL;
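
Review bot: The added block in InitializeX11AWindow() clears only `w->csPool2` and `w->CSSize2`, so any other field of `w` that is not assigned in this function is still junk when the allocator does not zero memory, which is the same failure the log describes. Zeroing the whole structure once, right where `w` is allocated (calloc(), or a memset() over `sizeof(*w)`), would cover csPool2, otherLastScanLine and any field added later, and would let per-field fixes like this one go away. The context lines show a related gap: the csPool1 malloc() result is passed straight to memset(), and the scanLine and lastScanLine malloc() results are not checked either, so an allocation failure becomes a NULL dereference. Style points on the new lines: the bare `{ }` block and the `(ColorSegment *)` cast on NULL are unnecessary, and the `//` comments will not build if the port is ever compiled as strict C89, so `/* ... */` is safer in this 1998-era source.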
