diff options
author | Aidan MacDonald <amachronic@protonmail.com> | 2022-03-28 21:59:43 +0100 |
---|---|---|
committer | Aidan MacDonald <amachronic@protonmail.com> | 2022-09-19 15:09:51 -0400 |
commit | c8365b2bddbdb85a983efcab0485cb8587b90bb2 (patch) | |
tree | 03f91a29a0491a60e24914d4f6561b195d910311 /apps/plugins/mpegplayer/libmpeg2 | |
parent | 4d3bf1c446a7d1d2f85d368dfff70fcedfb5e045 (diff) | |
download | rockbox-c8365b2bddbdb85a983efcab0485cb8587b90bb2.tar.gz rockbox-c8365b2bddbdb85a983efcab0485cb8587b90bb2.zip |
buflib: fix bug in handle_table_shrink
The way it iterated over the handle table is unsafe if *every*
handle is free, leading to an out of bounds access.
This is a contrived example, but the bug can be triggered by
making several allocations, freeing them out of order so that
the handle table remains uncompacted, and then triggering a
compaction using buflib_alloc_maximum().
Change-Id: I879e2f0b223e6ca596769610ac46f4edf1107f5c
Diffstat (limited to 'apps/plugins/mpegplayer/libmpeg2')
0 files changed, 0 insertions, 0 deletions