#6127 closed defect (fixed)
SAGA: use-after-free warning
| Reported by: | criezy | Owned by: | bluegr |
|---|---|---|---|
| Priority: | normal | Component: | Engine: SAGA |
| Version: | Keywords: | ||
| Cc: | Game: |
Description
Compiling the SAGA engine with clang reports a use-after-free warning in shorten.cpp line 526 (at the end of loadShortenFromStream()). I am not familiar with this engine and this might be a false positive, but the code looks very suspicious:
if (size > 0) free(unpackedBuffer); // <- free
delete gReader; return unpackedBuffer; // <- use after free
Ticket imported from: #3558052. Ticket imported from: bugs/6127.
Change History (5)
comment:1 by , 12 years ago
comment:2 by , 12 years ago
| Owner: | set to |
|---|
comment:4 by , 12 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
comment:5 by , 6 years ago
| Component: | → Engine: SAGA |
|---|
Note:
See TracTickets
for help on using tickets.
Yes, this looks wrong. The shorten code is only used by SAGA2, which is not supported yet AFAIK, thus this is really only affecting WIP work.
I think this free is just a copy&paste mistake from line 501, where the buffer is freed when it will return with an error. Since this looks like it's the "all works fine" path, lines 526 and 527 should probably be removed.