From 1c3e8809f685f1204244ebf77a40bcdd34dd2b93 Mon Sep 17 00:00:00 2001 From: Alex Taber Date: Fri, 11 May 2018 17:54:43 -0400 Subject: [PATCH] Fix UB caused by using a free'd struct (actually fix QR code reader) --- include/camera.h | 1 - source/camera.c | 9 ++++----- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/include/camera.h b/include/camera.h index bf59fff..6d25d3d 100644 --- a/include/camera.h +++ b/include/camera.h @@ -34,7 +34,6 @@ typedef struct { u32 *texture_buffer; Handle mutex; volatile bool finished; - volatile bool finished_update; volatile bool success; Handle cancel; diff --git a/source/camera.c b/source/camera.c index df7f895..507965a 100644 --- a/source/camera.c +++ b/source/camera.c @@ -56,7 +56,6 @@ void exit_qr(qr_data *data) free(data->camera_buffer); free(data->texture_buffer); quirc_destroy(data->context); - free(data); } void capture_cam_thread(void *arg) @@ -201,7 +200,6 @@ void update_qr(qr_data *data) if (!quirc_decode(&code, &scan_data)) { exit_qr(data); - data->finished_update = true; draw_install(INSTALL_DOWNLOAD); char * zip_buf = NULL; @@ -290,14 +288,15 @@ bool init_qr(void) qr_data *data = calloc(1, sizeof(qr_data)); data->capturing = false; data->finished = false; - data->finished_update = false; data->context = quirc_new(); quirc_resize(data->context, 400, 240); data->camera_buffer = calloc(1, 400 * 240 * sizeof(u16)); data->texture_buffer = calloc(1, 400 * 240 * sizeof(u32)); - while (!data->finished_update && !data->finished) update_qr(data); + while (!data->finished) update_qr(data); + bool success = data->success; + free(data); - return (bool)data->success; + return success; } \ No newline at end of file