From 70e40339a1c7c211541bf0f39b131b1df3fe5647 Mon Sep 17 00:00:00 2001
From: Nimetu
Date: Fri, 22 Feb 2019 18:57:56 +0200
Subject: [PATCH] Fixed: Possible use after free and null pointer issues
--HG--
branch : develop
---
 code/nel/src/sound/audio_decoder_mp3.cpp | 5 ++++-
 code/nel/src/sound/complex_source.cpp | 4 +++-
 code/nel/src/sound/driver/openal/source_al.cpp | 4 ++++
 code/nel/src/sound/sample_bank_manager.cpp | 15 ++++++++-------
 code/nel/src/sound/stream_source.cpp | 2 +-
 5 files changed, 20 insertions(+), 10 deletions(-)
diff --git a/code/nel/src/sound/audio_decoder_mp3.cpp b/code/nel/src/sound/audio_decoder_mp3.cpp
index bef0aad71..dc740bec0 100644
--- a/code/nel/src/sound/audio_decoder_mp3.cpp
+++ b/code/nel/src/sound/audio_decoder_mp3.cpp
@@ -92,7 +92,10 @@ CAudioDecoderMP3::CAudioDecoderMP3(NLMISC::IStream *stream, bool loop)
 CAudioDecoderMP3::~CAudioDecoderMP3()
 {
- drmp3_uninit(&_Decoder);
+ if (_IsSupported)
+ {
+ drmp3_uninit(&_Decoder);
+ }
 }
 bool CAudioDecoderMP3::isFormatSupported() const
diff --git a/code/nel/src/sound/complex_source.cpp b/code/nel/src/sound/complex_source.cpp
index 103c6cc60..3caee06f6 100644
--- a/code/nel/src/sound/complex_source.cpp
+++ b/code/nel/src/sound/complex_source.cpp
@@ -704,7 +704,9 @@ void CComplexSource::checkup()
 for (; first != last; ++first)
 {
 USource *source = *first;
- if (source != NULL && source->getSound()->getLooping() && !source->isPlaying())
+ if (source == NULL)
+ continue;
+ if (source->getSound()->getLooping() && !source->isPlaying())
 source->play();
 if (source->getSound()->getSoundType() != CSound::SOUND_SIMPLE)
 static_cast(source)->checkup();
diff --git a/code/nel/src/sound/driver/openal/source_al.cpp b/code/nel/src/sound/driver/openal/source_al.cpp
index b35dbe201..439da980d 100644
--- a/code/nel/src/sound/driver/openal/source_al.cpp
+++ b/code/nel/src/sound/driver/openal/source_al.cpp
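Review bot: In `CAudioDecoderMP3::~CAudioDecoderMP3()` (audio_decoder_mp3.cpp) the new guard is only as safe as the initialisation of `_IsSupported`: if any constructor path leaves it unset, or sets it to true before the dr_mp3 init call has succeeded, the destructor either skips the cleanup or still hands an uninitialised `_Decoder` to `drmp3_uninit`. The constructor lies outside this hunk, so that cannot be confirmed here. I would record the invariant above the check, e.g. `// _Decoder is valid only when decoder init succeeded, which is what _IsSupported records`, and make sure the member is set to false before anything else in the constructor.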
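Review bot: In `CComplexSource::checkup()` (complex_source.cpp) the early `continue` covers a NULL `source`, but the result of `source->getSound()` is still dereferenced unchecked in both conditions that follow. If a source can be present without a sound attached (not visible from this hunk), that is the same class of null dereference this commit is removing; `if (source == NULL || source->getSound() == NULL) continue;` would cover both. The loop body starts and ends outside the hunk.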
@@ -194,6 +194,10 @@ uint CSourceAL::countStreamingBuffers() const
 // a bit ugly here, but makes a much easier/simpler implementation on both drivers
 ALint buffersProcessed;
 alGetSourcei(_Source, AL_BUFFERS_PROCESSED, &buffersProcessed);
+ if (buffersProcessed && _QueuedBuffers.empty())
+ {
+ nlwarning("AL: QueuedBuffers is empty, but OpenAL buffers processed > 0");
+ }
 while (buffersProcessed && !_QueuedBuffers.empty())
 {
 ALuint bufferName = _QueuedBuffers.front()->bufferName();
diff --git a/code/nel/src/sound/sample_bank_manager.cpp b/code/nel/src/sound/sample_bank_manager.cpp
index 996c59f1e..6f6728bca 100644
--- a/code/nel/src/sound/sample_bank_manager.cpp
+++ b/code/nel/src/sound/sample_bank_manager.cpp
@@ -82,13 +82,14 @@ void CSampleBankManager::init(NLGEORGES::UFormElm *mixerConfig)
 TFilteredBank fb;
 std::string bankName;
 NLGEORGES::UFormElm *realBank = NULL;
- realBank->getArrayNode(&realBank, j);
-
- realBank->getValueByName(bankName, ".SampleBank");
- fb.BankName = CStringMapper::map(bankName);
- realBank->getValueByName(fb.Filter, ".Filter");
-
- vfb.push_back(fb);
+ realBanks->getArrayNode(&realBank, j);
+ if (realBank != 0)
+ {
+ realBank->getValueByName(bankName, ".SampleBank");
+ fb.BankName = CStringMapper::map(bankName);
+ realBank->getValueByName(fb.Filter, ".Filter");
+ vfb.push_back(fb);
+ }
 }
 }
diff --git a/code/nel/src/sound/stream_source.cpp b/code/nel/src/sound/stream_source.cpp
index 9bd48ff25..537a4c24d 100644
--- a/code/nel/src/sound/stream_source.cpp
+++ b/code/nel/src/sound/stream_source.cpp
@@ -92,7 +92,7 @@ void CStreamSource::releasePhysicalSource()
 // free the track
 pSource->stop();
 pSource->setStreaming(false);
- mixer->freeTrack(m_Track);
+ if (mixer) mixer->freeTrack(m_Track);
 m_Track = NULL;
 }
 }
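Review bot: In `CSourceAL::countStreamingBuffers()` (source_al.cpp) the new check reads `buffersProcessed`, which is declared without an initialiser; `alGetSourcei` is not guaranteed to write its output when it raises an AL error (an invalid source name, for instance), so the added condition and the loop after it could run on an indeterminate value. `ALint buffersProcessed = 0;` removes that. The warning also only reports the mismatch between OpenAL and `_QueuedBuffers` without resolving it, so if this function is called on every update it may be logged repeatedly until the source is reset. The function body continues outside the hunk.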
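Review bot: In `CSampleBankManager::init()` (sample_bank_manager.cpp) the new block still ignores the results of `getArrayNode` and both `getValueByName` calls, so an entry whose `.SampleBank` field is missing is pushed into `vfb` with an empty `bankName` mapped through `CStringMapper::map`. If these calls report failure through their return value, as the form API appears to, test it: `if (realBank != NULL && realBank->getValueByName(bankName, ".SampleBank"))`. A NULL node is also skipped silently, where an `nlwarning` naming index `j` would make a malformed mixer config visible, and `!= 0` should be `!= NULL` to match the initialiser one line above. Whether `realBanks` itself is checked before the loop is outside the hunk.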
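Review bot: In `CStreamSource::releasePhysicalSource()` (stream_source.cpp) a NULL `mixer` now means `m_Track` is set to NULL without `freeTrack` having been called, so this source drops the track but never hands it back to the mixer. That is harmless only if a NULL mixer implies the mixer and its tracks are already gone, which the hunk does not show. I would state the assumption in a comment once confirmed, e.g. `// mixer is NULL only during shutdown, when the tracks are already released`, or log the other branch with `nlwarning`. How `mixer` is obtained is outside the hunk.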