StarMirror/qTox
1
0
Fork 0
mirror of https://github.com/qTox/qTox.git synced 2024-03-22 14:00:36 +08:00
Code Issues Projects Releases Wiki Activity

fix(audio): keep the data pointed to by tmpDevName in scope

Browse Source 
Fix the use after free in Audio::initInput and Audio::initOutput
by storing the buffer returned by QString::toUtf8 (which contains data
pointed to by tmpDevName) in an intermediate variable, preventing the
buffer from falling out of scope for the duration of the function.

Fixes #3786
This commit is contained in:
Keegan Drake H.P 2016-10-06 02:33:58 -05:00
parent bbdd4f044c
commit af37fa7b20
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/audio/audio.cpp
View File

@ -352,9 +352,12 @@ bool Audio::initInput(const QString& deviceName)
const uint32_t chnls = AUDIO_CHANNELS;
const ALCsizei bufSize = (frameDuration * sampleRate * 4) / 1000 * chnls;
const QByteArray qDevName = deviceName.isEmpty()
? nullptr
: deviceName.toUtf8();
const ALchar* tmpDevName = deviceName.isEmpty()
? nullptr
: deviceName.toUtf8().constData();
: qDevName.constData();
alInDev = alcCaptureOpenDevice(tmpDevName, sampleRate, stereoFlag, bufSize);
// Restart the capture if necessary
@ -386,9 +389,12 @@ bool Audio::initOutput(const QString& deviceName)
qDebug() << "Opening audio output" << deviceName;
assert(!alOutDev);
const QByteArray qDevName = deviceName.isEmpty()
? nullptr
: deviceName.toUtf8();
const ALchar* tmpDevName = deviceName.isEmpty()
? nullptr
: deviceName.toUtf8().constData();
: qDevName.constData();
alOutDev = alcOpenDevice(tmpDevName);
if (!alOutDev)