Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/KhronosGroup/Vulkan-Loader.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCharles Giessen <charles@lunarg.com>2022-06-20 23:53:25 +0300
committerCharles Giessen <46324611+charles-lunarg@users.noreply.github.com>2022-06-22 19:18:15 +0300
commit8d3d6d4e1635aabfe0cd66b628ba30278179b5d9 (patch)
tree85b3704be0c3c413bc763aa96e35c4548bbb52cf
parent1f92bbb656145c3b07ef40d5785a168520c03bc2 (diff)
Fix use-after-free in loader_add_layer_properties
Occurs after file_vers is freed and when the layer manifest has a layers field but has a version of 1.0.0.
Diffstat
-rw-r--r--loader/loader.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/loader/loader.c b/loader/loader.c
index 07f760ed5..6e565f5aa 100644
--- a/loader/loader.c
+++ b/loader/loader.c
@@ -2553,6 +2553,7 @@ static VkResult loader_add_layer_properties(const struct loader_instance *inst,
VkResult result = VK_ERROR_INITIALIZATION_FAILED;
cJSON *item, *layers_node, *layer_node;
loader_api_version json_version = {0, 0, 0};
+ char *file_vers = NULL;
// Make sure sure the top level json value is an object
if (!json || json->type != 6) {
goto out;
@@ -2561,7 +2562,7 @@ static VkResult loader_add_layer_properties(const struct loader_instance *inst,
if (item == NULL) {
goto out;
}
- char *file_vers = cJSON_PrintUnformatted(item);
+ file_vers = cJSON_PrintUnformatted(item);
if (NULL == file_vers) {
goto out;
}
@@ -2574,7 +2575,6 @@ static VkResult loader_add_layer_properties(const struct loader_instance *inst,
"loader_add_layer_properties: %s has unknown layer manifest file version %d.%d.%d. May cause errors.", filename,
json_version.major, json_version.minor, json_version.patch);
}
- loader_instance_heap_free(inst, file_vers);
// If "layers" is present, read in the array of layer objects
layers_node = cJSON_GetObjectItem(json, "layers");
@@ -2633,6 +2633,9 @@ static VkResult loader_add_layer_properties(const struct loader_instance *inst,
}
out:
+ if (NULL != file_vers) {
+ loader_instance_heap_free(inst, file_vers);
+ }
return result;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-29 11:47:52 +0300