lsteamclient: Avoid accessing entry->callback.size after free.

Fixes a crash in Space Engineers.

CW-Bug-Id: #23145
Rémi Bernon 2023-12-18 23:10:19 +01:00 committed by Arkadiusz Hiler
parent 6858265bd3
commit 37dc6df5eb


@ -231,6 +231,7 @@ NTSTATUS ISteamClient_SteamClient020_Set_SteamAPI_CCheckCallbackRegisteredInProc
NTSTATUS steamclient_next_callback( void *args )
{
struct steamclient_next_callback_params *params = (struct steamclient_next_callback_params *)args;
uint32_t capacity = params->size;
struct list *ptr;
pthread_mutex_lock( &callbacks_lock );
@ -238,14 +239,13 @@ NTSTATUS steamclient_next_callback( void *args )
{
struct callback_entry *entry = LIST_ENTRY( ptr, struct callback_entry, entry );
if (entry->callback.size <= params->size)
params->size = entry->callback.size;
if (params->size <= capacity)
{
memcpy( params->callback, &entry->callback, entry->callback.size );
memcpy( params->callback, &entry->callback, params->size );
list_remove( &entry->entry );
free( entry );
}
params->size = entry->callback.size;
}
pthread_mutex_unlock( &callbacks_lock );
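Review bot: The length passed to `memcpy` is read back from `params->size` after the `params->size <= capacity` check, and `params` is the caller-supplied argument block, so the checked value and the copied length only match if nothing else writes that field in between. Holding the entry size in a local keeps the bound out of caller-owned memory: `uint32_t size = entry->callback.size;`, then `if (size <= capacity)` and `memcpy( params->callback, &entry->callback, size );`, with the local also stored to `params->size` for the caller. Whether another thread can touch `params` during the call is not visible here, so this is hardening rather than a confirmed bug. A short comment stating that an oversized entry stays queued while `params->size` reports the required size would document the retry contract. The function body continues past the end of this hunk.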