From: Belbo Date: Mon, 7 Aug 2017 21:49:19 +0000 (+0200) Subject: Fixed dangling pointer to random state array X-Git-Tag: 3.2d13~26^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=39e122a4ffd5ac6bf0ec338cbd13cf159440e46a;p=thirdparty%2Fshairport-sync.git Fixed dangling pointer to random state array The C library function initstate(), at least in macOS El Capitan, not only sets the state array given to it as the second argument, but also accesses the state array given to it in a previous call! (I don't know why, or if that behaviour is correct, but macOS seems to do that anyhow). Therefore, we cannot pass a local variable to it. As soon as the player thread stops, it will be a dangling pointer, and when a new player thread is started afterwards, initstate() will dereference that dangling pointer with unforeseeable consequences. --- diff --git a/player.c b/player.c index c6a20d7c..92d7e575 100644 --- a/player.c +++ b/player.c @@ -1481,7 +1481,7 @@ static void *player_thread_func(void *arg) { // I think it's useful to keep this prime to prevent it from falling into a pattern with some // other process. - char rnstate[256]; + static char rnstate[256]; initstate(time(NULL), rnstate, 256); signed short *inbuf, *tbuf, *silence;
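Review bot: The `static char rnstate[256];` declaration has no comment explaining why it is static, and the existing comment above it is about a different matter, so a later cleanup could quietly turn it back into a stack array. initstate() installs the array it is given as the state used by subsequent random() calls, so the buffer has to outlive player_thread_func; a one-line comment at the declaration saying so would protect the fix. Because the buffer is now shared by every run of the thread function and initstate() is called again on each start, the change is sound only while one player thread exists at a time, which is worth stating in the same comment. As a style point, the length argument could be `sizeof(rnstate)` rather than a second literal 256.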