Date: Friday, February 26, 2021 @ 23:24:42 Author: heftig Revision: 874489
1.2.12-9: FS#69801 add a patch Added: sdl_mixer/trunk/fluidsynth-use-after-free.patch Modified: sdl_mixer/trunk/PKGBUILD ---------------------------------+ PKGBUILD | 9 ++++++--- fluidsynth-use-after-free.patch | 37 +++++++++++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+), 3 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2021-02-26 23:08:19 UTC (rev 874488) +++ PKGBUILD 2021-02-26 23:24:42 UTC (rev 874489) @@ -5,7 +5,7 @@ pkgname=sdl_mixer pkgver=1.2.12 -pkgrel=8 +pkgrel=9 pkgdesc="A simple multi-channel audio mixer" url="https://www.libsdl.org/projects/SDL_mixer/" arch=(x86_64) @@ -14,12 +14,14 @@ makedepends=(fluidsynth) optdepends=('fluidsynth: MIDI software synth, replaces built-in timidity') source=(https://www.libsdl.org/projects/SDL_mixer/release/SDL_mixer-$pkgver.tar.gz - mikmod1.patch mikmod2.patch fluidsynth-volume.patch double-free-crash.patch) + mikmod1.patch mikmod2.patch fluidsynth-volume.patch double-free-crash.patch + fluidsynth-use-after-free.patch) sha256sums=('1644308279a975799049e4826af2cfc787cad2abb11aa14562e402521f86992a' 'e0d36cd81083a0b033436b8f300cc4f4513a6043e57fea139afbade02dbe0de8' 'a0c5326b4363464159a38dc51badad984b65ce0fa4c3b1dd1ad5f73bc7b6c55e' '4b6c567debf18c88398d4045a6e4ed0954f0e04cc61162ca907a83ddec17cd70' - 'b707f5c8d1229d1612cc8a9f4e976f0a3b19ea40d7bd1d5bc1cbd5c9f8bca56d') + 'b707f5c8d1229d1612cc8a9f4e976f0a3b19ea40d7bd1d5bc1cbd5c9f8bca56d' + '97a9ec5ce455114e3fde862670da468a81ba3a868f9385048ddc45a5a3102d03') prepare() { cd SDL_mixer-$pkgver 
@@ -28,6 +30,7 @@ patch -Np1 -i ../mikmod2.patch patch -Np1 -i ../fluidsynth-volume.patch patch -Np1 -i ../double-free-crash.patch + patch -Np1 -i ../fluidsynth-use-after-free.patch sed -e "/CONFIG_FILE_ETC/s|/etc/timidity.cfg|/etc/timidity++/timidity.cfg|" \ -e "/DEFAULT_PATH/s|/etc/timidity|/etc/timidity++|" \ Added: fluidsynth-use-after-free.patch =================================================================== --- fluidsynth-use-after-free.patch (rev 0) +++ fluidsynth-use-after-free.patch 2021-02-26 23:24:42 UTC (rev 874489) @@ -0,0 +1,37 @@ +From 452a55c5d8cd78621114b8aaa258377403797ea7 Mon Sep 17 00:00:00 2001 +From: Ozkan Sezer <[email protected]> +Date: Fri, 22 Jan 2021 17:47:01 +0300 +Subject: [PATCH] Fix use-after-free in music_fluidsynth.c (backport from + default branch) + +Tom M. + +There is a dangerous use-after-free in FLUIDSYNTH_Delete(): the settings +object is deleted **before** the synth. Since the settings have been +created first to initialize the synth, you must first delete the synth +and then delete the settings. This currently crashes all applications +that use fluidsynth 2.1.6 and SDL2_mixer. + +Originally reported at https://github.com/FluidSynth/fluidsynth/issues/748 +--- + fluidsynth.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/fluidsynth.c b/fluidsynth.c +index 717d8aa..179d79c 100644 +--- a/fluidsynth.c ++++ b/fluidsynth.c +@@ -152,10 +152,12 @@ FluidSynthMidiSong *fluidsynth_loadsong_RW(SDL_RWops *rw, int freerw) + + void fluidsynth_freesong(FluidSynthMidiSong *song) + { ++ fluid_settings_t *settings; + if (!song) return; ++ settings = fluidsynth.fluid_synth_get_settings(song->synth); + fluidsynth.delete_fluid_player(song->player); +- fluidsynth.delete_fluid_settings(fluidsynth.fluid_synth_get_settings(song->synth)); + fluidsynth.delete_fluid_synth(song->synth); ++ fluidsynth.delete_fluid_settings(settings); + SDL_free(song); + } +
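Review bot: The new teardown order in `fluidsynth_freesong` (player, then synth, then settings) is the entire fix, yet nothing in the function records why the order matters. A later tidy-up could fold `fluid_synth_get_settings()` back into the `delete_fluid_settings()` call and reintroduce the use-after-free. I would add a comment above the `settings = ...` line, for example `/* Settings must outlive the synth: fetch the pointer now, delete the synth, then delete the settings. */`. Separately, `fluid_synth_get_settings(song->synth)` is called without checking `song->synth`. Whether a song with a NULL synth can reach this function depends on `fluidsynth_loadsong_RW`, whose body is outside the hunk, so that path should be confirmed rather than assumed.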
