    7c7a2c14
    Fix potential for heap corruption in (new function) strListModifyEach(): · 7c7a2c14
    rswindell authored
    If the modify callback function returned a pointer *within* the list item's
    allocated buffer, the strcpy() would copy from potentially free'd memory as
    realloc may change the location of the heap buffer when resizing.
    Fixed by allocating a copy of the returned pointer before freeing the original
    list item buffer and then just assign the allocated pointer (no copying
    needed). This likely will result in more heap fragmentation for modified list
    items are now newly-allocated buffers rather than reallocated existing buffers
    but the other option would have been to allocate a temporary copy of the string
    before reallocating and then copying and that would've been a lot more overhead
    than with this approach.
    
    This likely fixes any crashes seen in recent revs of v3.17c (e.g. when
    imported QWK or REP packets and text/*.can and the twitlist.cfg are parsed).
    The sighting on Vertrauen was only in the Windows build and appeared when
    importing QWK/REP packets.
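
The bug and fix described in the commit message above, as an added C example that is not the project's own code: `modify_each_unsafe` reconstructs the realloc-then-strcpy pattern from the message's description, and `modify_each_safe` copies the callback's result before freeing the original item. All function names and the sample callback are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

typedef char *(*modify_fn)(size_t index, char *str, void *cbdata);
/* Constructed callback: the pointer it returns lies INSIDE the item's buffer. */
char *skip_leading_spaces(size_t index, char *str, void *cbdata) {
    while (*str == ' ') str++;
    return str;
}

/* Pre-fix pattern reconstructed from the commit message (never called here). */
int modify_each_unsafe(char **list, modify_fn modify, void *cbdata) {
    for (size_t i = 0; list[i] != NULL; i++) {
        char *str = modify(i, list[i], cbdata);
        if (str == NULL || str == list[i]) continue;
        char *p = realloc(list[i], strlen(str) + 1); /* may move and free the block */
        if (p == NULL) return -1;
        list[i] = p;
        strcpy(p, str); /* str may now point into freed memory */
    }
    return 0;
}

/* Fixed pattern: copy the result while the old buffer is live, then swap. */
int modify_each_safe(char **list, modify_fn modify, void *cbdata) {
    for (size_t i = 0; list[i] != NULL; i++) {
        char *str = modify(i, list[i], cbdata);
        if (str == NULL || str == list[i]) continue;
        size_t len = strlen(str) + 1;
        char *copy = malloc(len);
        if (copy == NULL) return -1;
        memcpy(copy, str, len); /* source buffer is still allocated */
        free(list[i]);          /* release the original only after the copy */
        list[i] = copy;
    }
    return 0;
}

/* Runs the safe version over one constructed item; caller frees the result. */
char *trim_demo(const char *input) {
    size_t len = strlen(input) + 1;
    char *list[2] = { malloc(len), NULL };
    if (list[0] == NULL) return NULL;
    memcpy(list[0], input, len);
    if (modify_each_safe(list, skip_leading_spaces, NULL) < 0) { free(list[0]); return NULL; }
    return list[0];
}

int main(void) { char *s = trim_demo("   QWK"); int rc = !(s && !strcmp(s, "QWK")); free(s); return rc; }
```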