mirror of
https://github.com/CTCaer/hekate.git
synced 2024-12-22 16:12:03 +00:00
nyx: fix use after free and a heap corruption
Fix use after free and a heap corruption on emummc config loading/freeing that could cause hangs when entering emummc window.
This commit is contained in:
parent
f41d6be8d4
commit
4f2a6f16d3
3 changed files with 33 additions and 6 deletions
|
@ -51,16 +51,22 @@ void load_emummc_cfg(emummc_cfg_t *emu_info)
|
|||
{
|
||||
LIST_FOREACH_ENTRY(ini_kv_t, kv, &ini_sec->kvs, link)
|
||||
{
|
||||
if (!strcmp("enabled", kv->key))
|
||||
if (!strcmp("enabled", kv->key))
|
||||
emu_info->enabled = atoi(kv->val);
|
||||
else if (!strcmp("sector", kv->key))
|
||||
emu_info->sector = strtol(kv->val, NULL, 16);
|
||||
else if (!strcmp("id", kv->key))
|
||||
emu_info->id = strtol(kv->val, NULL, 16);
|
||||
else if (!strcmp("path", kv->key))
|
||||
emu_info->path = kv->val;
|
||||
else if (!strcmp("id", kv->key))
|
||||
emu_info->id = strtol(kv->val, NULL, 16);
|
||||
else if (!strcmp("path", kv->key))
|
||||
{
|
||||
emu_info->path = (char *)malloc(strlen(kv->val) + 1);
|
||||
strcpy(emu_info->path, kv->val);
|
||||
}
|
||||
else if (!strcmp("nintendo_path", kv->key))
|
||||
emu_info->nintendo_path = kv->val;
|
||||
{
|
||||
emu_info->nintendo_path = (char *)malloc(strlen(kv->val) + 1);
|
||||
strcpy(emu_info->nintendo_path, kv->val);
|
||||
}
|
||||
}
|
||||
|
||||
break;
|
||||
|
|
|
@ -1234,6 +1234,10 @@ lv_res_t create_win_emummc_tools(lv_obj_t *btn)
|
|||
lv_label_set_static_text(label_txt2, "emuMMC is disabled and eMMC will be used for boot.\n\n");
|
||||
}
|
||||
|
||||
if (emu_info.path)
|
||||
free(emu_info.path);
|
||||
if (emu_info.nintendo_path)
|
||||
free(emu_info.nintendo_path);
|
||||
free(txt_buf);
|
||||
|
||||
lv_obj_set_style(label_txt2, &hint_small_style);
|
||||
|
|
|
@ -34,6 +34,8 @@ extern volatile boot_cfg_t *b_cfg;
|
|||
extern hekate_config h_cfg;
|
||||
extern nyx_config n_cfg;
|
||||
|
||||
lv_obj_t *ums_mbox;
|
||||
|
||||
extern char *emmcsn_path_impl(char *path, char *sub_dir, char *filename, sdmmc_storage_t *storage);
|
||||
|
||||
static lv_obj_t *_create_container(lv_obj_t *parent)
|
||||
|
@ -498,6 +500,11 @@ static lv_res_t _action_ums_emuemmc_boot0(lv_obj_t *btn)
|
|||
usbs.offset = emu_info.sector;
|
||||
}
|
||||
}
|
||||
|
||||
if (emu_info.path)
|
||||
free(emu_info.path);
|
||||
if (emu_info.nintendo_path)
|
||||
free(emu_info.nintendo_path);
|
||||
}
|
||||
sd_unmount();
|
||||
|
||||
|
@ -540,6 +547,11 @@ static lv_res_t _action_ums_emuemmc_boot1(lv_obj_t *btn)
|
|||
usbs.offset = emu_info.sector + 0x2000;
|
||||
}
|
||||
}
|
||||
|
||||
if (emu_info.path)
|
||||
free(emu_info.path);
|
||||
if (emu_info.nintendo_path)
|
||||
free(emu_info.nintendo_path);
|
||||
}
|
||||
sd_unmount();
|
||||
|
||||
|
@ -592,6 +604,11 @@ static lv_res_t _action_ums_emuemmc_gpp(lv_obj_t *btn)
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (emu_info.path)
|
||||
free(emu_info.path);
|
||||
if (emu_info.nintendo_path)
|
||||
free(emu_info.nintendo_path);
|
||||
}
|
||||
sd_unmount();
|
||||
|
||||
|
|
Loading…
Reference in a new issue