Codebase list libsdl2-mixer / 1cf81e4b-32aa-4bef-a02a-e9828ed5d19d/main debian / patches / 0199-Fixed-use-after-free-in-music_fluidsynth.c.patch
1cf81e4b-32aa-4bef-a02a-e9828ed5d19d/main

Tree @1cf81e4b-32aa-4bef-a02a-e9828ed5d19d/main (Download .tar.gz)

0199-Fixed-use-after-free-in-music_fluidsynth.c.patch @1cf81e4b-32aa-4bef-a02a-e9828ed5d19d/mainraw · history · blame 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
From 6160668079f91d57a5d7bf0b40ffdd843be70daf Mon Sep 17 00:00:00 2001
From: Sam Lantinga <slouken@libsdl.org>
Date: Wed, 20 Jan 2021 10:17:10 -0800
Subject: [PATCH 199/199] Fixed use-after-free in music_fluidsynth.c

Tom M.

There is a dangerous use-after-free in FLUIDSYNTH_Delete(): the settings object is deleted **before** the synth. Since the settings have been created first to initialize the synth, you must first delete the synth and then delete the settings. This currently crashes all applications that use fluidsynth 2.1.6 and SDL2_mixer. Please apply the attached patch and release a bug fix release.

Originally reported at https://github.com/FluidSynth/fluidsynth/issues/748
---
 src/codecs/music_fluidsynth.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/music_fluidsynth.c
+++ b/music_fluidsynth.c
@@ -273,9 +273,10 @@ static void FLUIDSYNTH_Stop(void *contex
 static void FLUIDSYNTH_Delete(void *context)
 {
     FLUIDSYNTH_Music *music = (FLUIDSYNTH_Music *)context;
+    fluid_settings_t *settings = fluidsynth.fluid_synth_get_settings(music->synth);
     fluidsynth.delete_fluid_player(music->player);
-    fluidsynth.delete_fluid_settings(fluidsynth.fluid_synth_get_settings(music->synth));
     fluidsynth.delete_fluid_synth(music->synth);
+    fluidsynth.delete_fluid_settings(settings);
     SDL_free(music);
 }