From 9d61ee437a8acd841fb09d827383143f4423f515 Mon Sep 17 00:00:00 2001 From: Leland Lucius Date: Sun, 15 Dec 2019 22:47:18 -0600 Subject: [PATCH] Reapply 016919a53bb8f17de2a9070fbe84ed88fb27e175 Author: James Crook Date: Sun Jun 26 08:35:19 2016 +0100 Bug1223: (correction). Fix new potential crash in following pointer. With recent changes to the Nyquist code for freeing blocks, the pointer 'next' could be uninitialised when 'list' points to the zero chain. So Audacity would follow a rogue pointer. We'd get away with it if the uninitialised value happened to be zero. --- lib-src/libnyquist/nyquist/nyqsrc/sound.c | 1 + 1 file changed, 1 insertion(+) diff --git a/lib-src/libnyquist/nyquist/nyqsrc/sound.c b/lib-src/libnyquist/nyquist/nyqsrc/sound.c index 0a9e9f3eb..6078502de 100644 --- a/lib-src/libnyquist/nyquist/nyqsrc/sound.c +++ b/lib-src/libnyquist/nyquist/nyqsrc/sound.c @@ -545,6 +545,7 @@ void snd_list_unref(snd_list_type list) break; // the rest of the list is shared, nothing more to free } + next = NULL; // list nodes either point to a block of samples or this is the // last list node (list->block == NULL) which points to a suspension // lists can also terminate at the zero_block, which is an infinite