[PATCH 1/3] compositor-rdp: fix leak of frame bitmap in raw mode
Hardening
rdp.effort at gmail.com
Sun Jul 9 12:41:24 UTC 2017
Le 06/07/2017 à 12:06, Olivier Blin a écrit :
> In rdp_peer_refresh_raw(), cmd->bitmapData was reallocated, but never freed.
>
> The cmd content (actually peer->update->surface_bits_command) was
> re-initialized to zero at the beginning of the function, losing the
> pointer to the previously allocated bitmap data.
>
> Move the bitmap data in the peer->context structure instead, so that
> it can be reused for every frame, and freed at destruction.
> ---
> libweston/compositor-rdp.c | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/libweston/compositor-rdp.c b/libweston/compositor-rdp.c
> index 091472b0..7b1ab06d 100644
> --- a/libweston/compositor-rdp.c
> +++ b/libweston/compositor-rdp.c
> @@ -142,6 +142,7 @@ struct rdp_peer_context {
> wStream *encode_stream;
> RFX_RECT *rfx_rects;
> NSC_CONTEXT *nsc_context;
> + BYTE * bitmapData;
>
> struct rdp_peers_item item;
> };
> @@ -312,7 +313,10 @@ rdp_peer_refresh_raw(pixman_region32_t *region, pixman_image_t *image, freerdp_p
> cmd->destTop = top;
> cmd->destBottom = top + cmd->height;
> cmd->bitmapDataLength = cmd->width * cmd->height * 4;
> - cmd->bitmapData = (BYTE *)realloc(cmd->bitmapData, cmd->bitmapDataLength);
> +
> + RdpPeerContext *context = (RdpPeerContext *)peer->context;
> + context->bitmapData = (BYTE *)realloc(context->bitmapData, cmd->bitmapDataLength);
> + cmd->bitmapData = context->bitmapData;
>
> subrect.y1 = top;
> subrect.y2 = top + cmd->height;
> @@ -659,6 +663,7 @@ int rdp_implant_listener(struct rdp_backend *b, freerdp_listener* instance)
> static FREERDP_CB_RET_TYPE
> rdp_peer_context_new(freerdp_peer* client, RdpPeerContext* context)
> {
> + context->bitmapData = NULL;
> context->item.peer = client;
> context->item.flags = RDP_PEER_OUTPUT_ENABLED;
>
> @@ -715,6 +720,8 @@ rdp_peer_context_free(freerdp_peer* client, RdpPeerContext* context)
> * but it would crash on reconnect */
> }
>
> + free(context->bitmapData);
> +
> Stream_Free(context->encode_stream, TRUE);
> nsc_context_free(context->nsc_context);
> rfx_context_free(context->rfx_context);
>
Reviewed-by: David Fort <contact at hardening-consulting.com>
--
David FORT
website: http://www.hardening-consulting.com/
More information about the wayland-devel
mailing list