
Trivial use-after-free in e17 modules/mixer/pa.c ca. line 744
Closed, Resolved (Public)

Description

buf = eina_stringshare_add(STATEDIR "/run/pulse/native");
if (stat(buf, &st))
  {
     eina_stringshare_del(buf);
     INF("could not locate local socket '%s'!", buf);

Probably INF() should happen before the buf is deleted. Valgrind complains:

==79635== Invalid read of size 1
==79635==    at 0x4C272EE: memcpy (in /usr/local/lib/valgrind/vgpreload_memcheck-amd64-freebsd.so)
==79635==    by 0x9203FFA: ??? (in /lib/libc.so.7)
==79635==    by 0x91F6BE4: ??? (in /lib/libc.so.7)
==79635==    by 0x91F398B: ??? (in /lib/libc.so.7)
==79635==    by 0x91F37E2: vfprintf_l (in /lib/libc.so.7)
==79635==    by 0x54BBF6: _e_log_cb (e_log.c:23)
==79635==    by 0x5B96415: ??? (in /usr/local/lib/libeina.so.1.13.1)
==79635==    by 0x5B95ADB: eina_log_print (in /usr/local/lib/libeina.so.1.13.1)
==79635==    by 0x1A630A83: pulse_new (pa.c:745)
==79635==    by 0x1A634FE4: e_mixer_pulse_init (sys_pulse.c:312)
==79635==    by 0x1A627BDB: e_modapi_init (e_mod_main.c:1385)
==79635==    by 0x55AAC3: e_module_enable (e_module.c:480)
==79635==    by 0x559F10: _e_module_cb_idler (e_module.c:803)
==79635==    by 0x663AE35: ??? (in /usr/local/lib/libecore.so.1.13.1)
==79635==    by 0x663C949: ??? (in /usr/local/lib/libecore.so.1.13.1)
==79635==    by 0x663CC86: ecore_main_loop_begin (in /usr/local/lib/libecore.so.1.13.1)
==79635==    by 0x43E1D2: main (e_main.c:1039)
==79635==  Address 0x17ddaac6 is 22 bytes inside a block of size 42 free'd
==79635==    at 0x4C242DC: free (in /usr/local/lib/valgrind/vgpreload_memcheck-amd64-freebsd.so)
==79635==    by 0x5BA1F8F: ??? (in /usr/local/lib/libeina.so.1.13.1)
==79635==    by 0x5BA81E3: eina_stringshare_del (in /usr/local/lib/libeina.so.1.13.1)
==79635==    by 0x1A630A48: pulse_new (pa.c:744)
==79635==    by 0x1A634FE4: e_mixer_pulse_init (sys_pulse.c:312)
==79635==    by 0x1A627BDB: e_modapi_init (e_mod_main.c:1385)
==79635==    by 0x55AAC3: e_module_enable (e_module.c:480)
==79635==    by 0x559F10: _e_module_cb_idler (e_module.c:803)
==79635==    by 0x663AE35: ??? (in /usr/local/lib/libecore.so.1.13.1)
==79635==    by 0x663C949: ??? (in /usr/local/lib/libecore.so.1.13.1)
==79635==    by 0x663CC86: ecore_main_loop_begin (in /usr/local/lib/libecore.so.1.13.1)
==79635==    by 0x43E1D2: main (e_main.c:1039)
c created this task. Apr 7 2015, 2:01 PM
c updated the task description.
c raised the priority of this task from to Incoming Queue.
c added a project: enlightenment-git.
c edited this Maniphest Task. Apr 7 2015, 2:21 PM
zmike edited this Maniphest Task. Apr 7 2015, 4:37 PM
zmike closed this task as Resolved. Apr 7 2015, 4:37 PM

Closed by commit rEa5012da244f3.

zmike changed the visibility from "All Users" to "Public (No Login Required)". Apr 7 2015, 6:10 PM
c edited this Maniphest Task. Apr 9 2015, 2:39 AM
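
The release-before-log ordering from the description, next to the reordering the reporter suggests, as an added example that is not part of the original task or of the Enlightenment source. `share_add`/`share_del` are hypothetical stand-ins for `eina_stringshare_add`/`eina_stringshare_del` that poison a static slot on release, so the stale read shows up deterministically without real undefined behaviour; the path is constructed.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#define MISSING "/constructed-missing-dir/run/pulse/native" /* constructed path */

/* Hypothetical one-slot stand-in for eina_stringshare; poisoned on release. */
static char slot[128];

static const char *share_add(const char *s)
{
    snprintf(slot, sizeof(slot), "%s", s);
    return slot;
}

static void share_del(const char *s)
{
    if (s == slot)
        memset(slot, 'X', sizeof(slot) - 1); /* last byte stays NUL */
}

/* Ordering from the report: release, then format the log message. */
static int probe_buggy(const char *path, char *msg, size_t n)
{
    struct stat st;
    const char *buf = share_add(path);
    int missing = stat(buf, &st) != 0;
    share_del(buf);
    if (missing)
        snprintf(msg, n, "could not locate local socket '%s'!", buf); /* stale */
    return missing ? -1 : 0;
}

/* Reordered: the message is built while buf is still owned. */
static int probe_fixed(const char *path, char *msg, size_t n)
{
    struct stat st;
    const char *buf = share_add(path);
    int missing = stat(buf, &st) != 0;
    if (missing)
        snprintf(msg, n, "could not locate local socket '%s'!", buf);
    share_del(buf);
    return missing ? -1 : 0;
}

int main(void)
{
    char msg[256];
    probe_buggy(MISSING, msg, sizeof(msg)); puts(msg);
    probe_fixed(MISSING, msg, sizeof(msg)); puts(msg);
}
```

With a real allocator the stale read is what Valgrind reports above as an invalid read inside a freed block; building with `-fsanitize=address` flags the same pattern at run time.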