From 35cea5e1d736bbdcb4fae6108f3550167ca29a2d Mon Sep 17 00:00:00 2001
From: Nadia Holmquist Pedersen
Date: Sat, 4 May 2024 18:16:24 +0200
Subject: [PATCH] Fix zstd ROM loading issues
* fix use-after-free of inContent
* don't try to free the DStream twice
---
 src/frontend/qt_sdl/ROMManager.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/frontend/qt_sdl/ROMManager.cpp b/src/frontend/qt_sdl/ROMManager.cpp
index a2b1ab75..9607c848 100644
--- a/src/frontend/qt_sdl/ROMManager.cpp
+++ b/src/frontend/qt_sdl/ROMManager.cpp
@@ -948,8 +948,8 @@ u32 DecompressROM(const u8* inContent, const u32 inSize, unique_ptr& outCo
 if (realSize != ZSTD_CONTENTSIZE_UNKNOWN)
 {
- outContent = make_unique(realSize);
- u64 decompressed = ZSTD_decompress(outContent.get(), realSize, inContent, inSize);
+ auto newOutContent = make_unique(realSize);
+ u64 decompressed = ZSTD_decompress(newOutContent.get(), realSize, inContent, inSize);
 if (ZSTD_isError(decompressed))
 {
@@ -957,6 +957,7 @@ u32 DecompressROM(const u8* inContent, const u32 inSize, unique_ptr& outCo
 return 0;
 }
+ outContent = std::move(newOutContent);
 return realSize;
 }
 else
@@ -1011,7 +1012,6 @@ u32 DecompressROM(const u8* inContent, const u32 inSize, unique_ptr& outCo
 }
 } while (inBuf.pos < inBuf.size);
- ZSTD_freeDStream(dStream);
 outContent = make_unique(outBuf.pos);
 memcpy(outContent.get(), outBuf.dst, outBuf.pos);
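Review bot: `make_unique(realSize)` takes its size from the zstd frame header of the ROM file being loaded, and nothing visible in this hunk bounds that value before the allocation. DecompressROM starts outside the hunk, so a cap may already exist earlier; if it does not, a crafted header can request a very large buffer, and `return realSize;` in the next hunk narrows the u64 to the u32 return type. A guard before the allocation, for example `if (realSize > MAX_DECOMPRESSED_SIZE) return 0;` (placeholder name for a project-chosen limit that fits in u32), would cover both.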
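Review bot: Nothing next to `outContent = std::move(newOutContent);` records why the result is built in a temporary first, so the code invites a later simplification back to assigning outContent directly. The commit message describes a use-after-free of inContent, which suggests callers may pass an inContent that points into the buffer outContent owns. A comment such as `// inContent may alias the buffer owned by outContent: replace outContent only after decompression has finished` would protect that ordering. The error branch above this line ends in `return 0;` but begins outside the hunk, so what outContent holds on failure cannot be seen here; that contract is worth stating in the same comment.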