nyx: fix use after free and a heap corruption

Fix use after free and a heap corruption on emummc config loading/freeing that could cause hangs when entering emummc window.
CTCaer 2022-10-11 04:37:17 +03:00
parent f41d6be8d4
commit 4f2a6f16d3
3 changed files with 33 additions and 6 deletions


@ -58,9 +58,15 @@ void load_emummc_cfg(emummc_cfg_t *emu_info)
else if (!strcmp("id", kv->key))
emu_info->id = strtol(kv->val, NULL, 16);
else if (!strcmp("path", kv->key))
emu_info->path = kv->val;
{
emu_info->path = (char *)malloc(strlen(kv->val) + 1);
strcpy(emu_info->path, kv->val);
}
else if (!strcmp("nintendo_path", kv->key))
emu_info->nintendo_path = kv->val;
{
emu_info->nintendo_path = (char *)malloc(strlen(kv->val) + 1);
strcpy(emu_info->nintendo_path, kv->val);
}
}
break;
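Review bot: Both new `malloc` results are passed straight to `strcpy` without a NULL check, so an allocation failure while parsing the emuMMC config becomes a write through a null pointer; guard each copy, e.g. `if (emu_info->path) strcpy(emu_info->path, kv->val);`. If the ini section repeats `path` or `nintendo_path`, the earlier buffer is overwritten and leaked. The callers that now free these fields also rely on them being NULL when the key is absent, which depends on initialisation outside this hunk. A comment on `load_emummc_cfg` stating that `path` and `nintendo_path` are heap copies the caller must free would make the new contract explicit. The function body starts and ends outside the hunk.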


@ -1234,6 +1234,10 @@ lv_res_t create_win_emummc_tools(lv_obj_t *btn)
lv_label_set_static_text(label_txt2, "emuMMC is disabled and eMMC will be used for boot.\n\n");
}
if (emu_info.path)
free(emu_info.path);
if (emu_info.nintendo_path)
free(emu_info.nintendo_path);
free(txt_buf);
lv_obj_set_style(label_txt2, &hint_small_style);
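Review bot: The same four-line free sequence is added here and again in `_action_ums_emuemmc_boot0`, `_action_ums_emuemmc_boot1` and `_action_ums_emuemmc_gpp`, so the ownership rule this commit introduces is spread over four call sites and a future caller of `load_emummc_cfg` can easily miss it. A single helper next to the loader, for example a proposed `void free_emummc_cfg(emummc_cfg_t *emu_info)` that frees both strings and sets the fields to NULL, would keep allocation and release paired. The `if` guards can be dropped because `free(NULL)` is a no-op. Whether `emu_info.path` is read again later in `create_win_emummc_tools` cannot be seen, since the function continues past the hunk.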


@ -34,6 +34,8 @@ extern volatile boot_cfg_t *b_cfg;
extern hekate_config h_cfg;
extern nyx_config n_cfg;
lv_obj_t *ums_mbox;
extern char *emmcsn_path_impl(char *path, char *sub_dir, char *filename, sdmmc_storage_t *storage);
static lv_obj_t *_create_container(lv_obj_t *parent)
@ -498,6 +500,11 @@ static lv_res_t _action_ums_emuemmc_boot0(lv_obj_t *btn)
usbs.offset = emu_info.sector;
}
}
if (emu_info.path)
free(emu_info.path);
if (emu_info.nintendo_path)
free(emu_info.nintendo_path);
}
sd_unmount();
@ -540,6 +547,11 @@ static lv_res_t _action_ums_emuemmc_boot1(lv_obj_t *btn)
usbs.offset = emu_info.sector + 0x2000;
}
}
if (emu_info.path)
free(emu_info.path);
if (emu_info.nintendo_path)
free(emu_info.nintendo_path);
}
sd_unmount();
@ -592,6 +604,11 @@ static lv_res_t _action_ums_emuemmc_gpp(lv_obj_t *btn)
}
}
}
if (emu_info.path)
free(emu_info.path);
if (emu_info.nintendo_path)
free(emu_info.nintendo_path);
}
sd_unmount();