https://gitlab.synchro.net/main/sbbs/-/commit/75008b3055306224ca0272cc
Modified Files:
src/syncterm/ripper.c
Log Message:
Fix a couple use-after-free bugs in RIP
This likely is the cause of bug 140.
The first one, the LCF flag is copied out of the cterm struct
after cterm_end() is called (which frees the struct). Copy moved
to before cterm_end().
The second one is trickier... it's executing the commands in a mouse
button, and one of the commands is to delete all the mouse button
commands. This ends up free()ing the string that's currently being
parsed while it's being parsed. We now use a strdup() of the string
which we free at the end of the function.
--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
|