[rtmpdump] librtmp/dh.h MDH_free(vp) using uninitialized pointer
Reijo Tomperi
aggro80 at users.sourceforge.net
Tue Jun 21 21:52:38 CEST 2011
Hi,
In file librtmp/dh.h, in function DHInit() there is this code:
failed:
  if (dh)
    MDH_free(dh);
In the same file there is also (this is on a single line):
#define MDH_free(vp) {MDH *dh = vp; dhm_free(&dh->ctx);
MP_free(dh->p); MP_free(dh->g); MP_free(dh->pub_key);
MP_free(dh->priv_key); free(dh);}
When this macro is expanded, it will generate code that looks like this:
  MDH *dh = dh;
As you can see from the example program below, this will result in dh
being an uninitialized pointer.
-------------- code start -------------------
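#include <stdio.h>
/* Local name aa matches the argument name used in main(), like dh in dh.h */
#define MDH_free(vp) {int *aa = vp; printf("%d\n", *aa ); }
/* Local name ab does not collide with the argument name */
#define MDH_free2(vp) {int *ab = vp; printf("%d\n", *ab ); }
int main()
{
  int a = 6;
  int *aa = &a;
  printf("%d\n", *aa );
  MDH_free(aa)   /* expands to: int *aa = aa; (reads the new, uninitialized aa) */
  MDH_free2(aa)  /* expands to: int *ab = aa; (reads the caller's aa) */
  return 0;
}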
-------------- code end -------------------
Program output:
6
-1991643855
6
--
Reijo
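
Two ways to remove the name capture described in the message above, as an added example that is not code from the post or from rtmpdump. The MDH struct and MP_free() here are constructed stand-ins (the dhm_free() call on the ctx member is left out), and MDH_free_fn, MDH_FREE_SAFE, mdh_new and demo_free are hypothetical names.

```c
#include <stdlib.h>

/* Constructed stand-in for librtmp's MDH; field names follow the quoted macro. */
typedef struct { int *p, *g, *pub_key, *priv_key; } MDH;

static int freed_fields;   /* counts fields actually released */
static void MP_free(int *v) { if (v) { freed_fields++; free(v); } }

/* Reported form (kept as a comment, never invoked): with an argument named
 * dh, "MDH *dh = vp;" expands to "MDH *dh = dh;", so the new local is
 * initialized from itself instead of from the caller's pointer.
 *   #define MDH_free(vp) {MDH *dh = vp; MP_free(dh->p); ... free(dh);}
 */

/* Option 1: a function. The argument is evaluated in the caller's scope,
 * so no name inside the body can shadow it. */
static inline void MDH_free_fn(MDH *dh)
{
    MP_free(dh->p); MP_free(dh->g);
    MP_free(dh->pub_key); MP_free(dh->priv_key);
    free(dh);
}

/* Option 2: keep a macro, but give the local a name callers will not use,
 * parenthesize the argument, and wrap in do/while(0) so it is one statement. */
#define MDH_FREE_SAFE(vp) do { MDH *mdh_free_tmp_ = (vp); \
    MP_free(mdh_free_tmp_->p); MP_free(mdh_free_tmp_->g); \
    MP_free(mdh_free_tmp_->pub_key); MP_free(mdh_free_tmp_->priv_key); \
    free(mdh_free_tmp_); } while (0)

static MDH *mdh_new(void)
{
    MDH *dh = calloc(1, sizeof *dh);
    if (!dh) return NULL;
    dh->p = malloc(sizeof(int));       dh->g = malloc(sizeof(int));
    dh->pub_key = malloc(sizeof(int)); dh->priv_key = malloc(sizeof(int));
    return dh;
}

/* Frees an MDH held in a variable named dh, the same name DHInit() uses.
 * Returns how many fields were released, or -1 if allocation failed. */
int demo_free(int use_macro)
{
    MDH *dh = mdh_new();
    if (!dh) return -1;
    freed_fields = 0;
    if (use_macro) MDH_FREE_SAFE(dh); else MDH_free_fn(dh);
    return freed_fields;
}

int main(void) { return (demo_free(0) == 4 && demo_free(1) == 4) ? 0 : 1; }
```

Building with GCC's -Winit-self (together with -Wuninitialized) is a cheap way to have the compiler flag the original self-initialization pattern.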