mirror of
https://github.com/CTCaer/hekate.git
synced 2024-11-22 18:06:40 +00:00
nyx: fix use after free and a heap corruption
Fix use after free and a heap corruption on emummc config loading/freeing that could cause hangs when entering emummc window.
This commit is contained in:
parent
f41d6be8d4
commit
4f2a6f16d3
3 changed files with 33 additions and 6 deletions
|
@ -58,9 +58,15 @@ void load_emummc_cfg(emummc_cfg_t *emu_info)
|
||||||
else if (!strcmp("id", kv->key))
|
else if (!strcmp("id", kv->key))
|
||||||
emu_info->id = strtol(kv->val, NULL, 16);
|
emu_info->id = strtol(kv->val, NULL, 16);
|
||||||
else if (!strcmp("path", kv->key))
|
else if (!strcmp("path", kv->key))
|
||||||
emu_info->path = kv->val;
|
{
|
||||||
|
emu_info->path = (char *)malloc(strlen(kv->val) + 1);
|
||||||
|
strcpy(emu_info->path, kv->val);
|
||||||
|
}
|
||||||
else if (!strcmp("nintendo_path", kv->key))
|
else if (!strcmp("nintendo_path", kv->key))
|
||||||
emu_info->nintendo_path = kv->val;
|
{
|
||||||
|
emu_info->nintendo_path = (char *)malloc(strlen(kv->val) + 1);
|
||||||
|
strcpy(emu_info->nintendo_path, kv->val);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
|
@ -1234,6 +1234,10 @@ lv_res_t create_win_emummc_tools(lv_obj_t *btn)
|
||||||
lv_label_set_static_text(label_txt2, "emuMMC is disabled and eMMC will be used for boot.\n\n");
|
lv_label_set_static_text(label_txt2, "emuMMC is disabled and eMMC will be used for boot.\n\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (emu_info.path)
|
||||||
|
free(emu_info.path);
|
||||||
|
if (emu_info.nintendo_path)
|
||||||
|
free(emu_info.nintendo_path);
|
||||||
free(txt_buf);
|
free(txt_buf);
|
||||||
|
|
||||||
lv_obj_set_style(label_txt2, &hint_small_style);
|
lv_obj_set_style(label_txt2, &hint_small_style);
|
||||||
|
|
|
@ -34,6 +34,8 @@ extern volatile boot_cfg_t *b_cfg;
|
||||||
extern hekate_config h_cfg;
|
extern hekate_config h_cfg;
|
||||||
extern nyx_config n_cfg;
|
extern nyx_config n_cfg;
|
||||||
|
|
||||||
|
lv_obj_t *ums_mbox;
|
||||||
|
|
||||||
extern char *emmcsn_path_impl(char *path, char *sub_dir, char *filename, sdmmc_storage_t *storage);
|
extern char *emmcsn_path_impl(char *path, char *sub_dir, char *filename, sdmmc_storage_t *storage);
|
||||||
|
|
||||||
static lv_obj_t *_create_container(lv_obj_t *parent)
|
static lv_obj_t *_create_container(lv_obj_t *parent)
|
||||||
|
@ -498,6 +500,11 @@ static lv_res_t _action_ums_emuemmc_boot0(lv_obj_t *btn)
|
||||||
usbs.offset = emu_info.sector;
|
usbs.offset = emu_info.sector;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (emu_info.path)
|
||||||
|
free(emu_info.path);
|
||||||
|
if (emu_info.nintendo_path)
|
||||||
|
free(emu_info.nintendo_path);
|
||||||
}
|
}
|
||||||
sd_unmount();
|
sd_unmount();
|
||||||
|
|
||||||
|
@ -540,6 +547,11 @@ static lv_res_t _action_ums_emuemmc_boot1(lv_obj_t *btn)
|
||||||
usbs.offset = emu_info.sector + 0x2000;
|
usbs.offset = emu_info.sector + 0x2000;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (emu_info.path)
|
||||||
|
free(emu_info.path);
|
||||||
|
if (emu_info.nintendo_path)
|
||||||
|
free(emu_info.nintendo_path);
|
||||||
}
|
}
|
||||||
sd_unmount();
|
sd_unmount();
|
||||||
|
|
||||||
|
@ -592,6 +604,11 @@ static lv_res_t _action_ums_emuemmc_gpp(lv_obj_t *btn)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (emu_info.path)
|
||||||
|
free(emu_info.path);
|
||||||
|
if (emu_info.nintendo_path)
|
||||||
|
free(emu_info.nintendo_path);
|
||||||
}
|
}
|
||||||
sd_unmount();
|
sd_unmount();
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue