From 5fe98e882e4d0c836362a6cb0b1a89f22275b31c Mon Sep 17 00:00:00 2001
From: Mike Robinson
Date: Sat, 11 Oct 2014 00:19:11 +0100
Subject: [PATCH] Fix use-after-free menu_settings_iterate() would strcmp freed labels after exiting a submenu.
---
 file_list.c | 3 +++
 frontend/menu/backend/menu_common_backend.c | 15 +++++++++------
 2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/file_list.c b/file_list.c
index 471295ca7a..510628b620 100644
--- a/file_list.c
+++ b/file_list.c
@@ -108,8 +108,11 @@ void file_list_clear(file_list_t *list)
 for (i = 0; i < list->size; i++)
 {
 free(list->list[i].path);
+ list->list[i].path = NULL;
 free(list->list[i].label);
+ list->list[i].label = NULL;
 free(list->list[i].alt);
+ list->list[i].alt = NULL;
 }

 #ifdef HAVE_MENU
diff --git a/frontend/menu/backend/menu_common_backend.c b/frontend/menu/backend/menu_common_backend.c
index efb2cfc35e..ee190b82d0 100644
--- a/frontend/menu/backend/menu_common_backend.c
+++ b/frontend/menu/backend/menu_common_backend.c
@@ -411,12 +411,15 @@ static int menu_settings_iterate(unsigned action)
 file_list_get_at_offset(driver.menu->selection_buf, driver.menu->selection_ptr, NULL, &label, &type);
- if (!strcmp(label, "core_list"))
- dir = g_settings.libretro_directory;
- else if (!strcmp(label, "configurations"))
- dir = g_settings.menu_config_directory;
- else if (!strcmp(label, "disk_image_append"))
- dir = g_settings.menu_content_directory;
+ if (label)
+ {
+ if (!strcmp(label, "core_list"))
+ dir = g_settings.libretro_directory;
+ else if (!strcmp(label, "configurations"))
+ dir = g_settings.menu_config_directory;
+ else if (!strcmp(label, "disk_image_append"))
+ dir = g_settings.menu_content_directory;
+ }
 if (driver.menu->need_refresh && action != MENU_ACTION_MESSAGE) action = MENU_ACTION_NOOP;
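Review bot: Setting `path`, `label` and `alt` to NULL after `free()` in file_list_clear() only protects readers that test for NULL, and this commit adds that test in a single place (menu_settings_iterate). Any other reader that hands a field from a cleared entry straight to `strcmp` would, as far as this hunk shows, fault on NULL rather than read freed memory, so the remaining users of these fields are worth auditing. Whether `list->size` is reset after the loop lies outside the hunk; if it is, a bounds check in the accessor would stop the stale lookup at its source instead of relying on each caller. A comment above the loop such as `/* NULL freed fields so a stale reader sees NULL, not a dangling pointer */` would record why the assignments exist.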
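Review bot: The new `if (label)` guard in menu_settings_iterate() is only sound if `label` is NULL whenever the selected entry is no longer valid, and its declaration is outside this hunk. It should be confirmed that the variable is initialised with `= NULL` where it is declared, in case file_list_get_at_offset() can return without writing it. On the NULL path `dir` keeps whatever value it had before the chain, so later uses of `dir` in the function (not visible here) must tolerate that. A comment on the guard, for example `/* label is NULL if the entry was cleared when leaving a submenu */`, would explain the check to the next reader.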