[ scummvm-Bugs-2965108 ] scummvm crash on startup (zip file handling)

SourceForge.net noreply at sourceforge.net
Sun Mar 7 18:44:33 CET 2010


Bugs item #2965108, was opened at 2010-03-07 18:44
Message generated for change (Tracker Item Submitted) made by chkr
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=418820&aid=2965108&group_id=37116

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Unknown Crash/Other
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Christian Krause (chkr)
Assigned to: Nobody/Anonymous (nobody)
Summary: scummvm crash on startup (zip file handling)

Initial Comment:
scummvm crashes on startup when there is a broken/empty zip file in the current directory

how to reproduce (linux):
1. mkdir /tmp/foo
2. cd /tmp/foo
3. touch bar.zip
4. scummvm

Segmentation fault (core dumped)

#0  0x088f7785 in Common::makeZipArchive (stream=0xa7a81d8)
    at common/unzip.cpp:1461
#1  0x08830abe in GUI::ThemeEngine::themeConfigUsable (node=@0xa7a7fec, 
    themeName=@0xbfe36a7c) at gui/ThemeEngine.cpp:1445
#2  0x08831d14 in GUI::ThemeEngine::listUsableThemes (node=@0xbfe36bd4, 
    list=@0xbfe36da0, depth=1) at gui/ThemeEngine.cpp:1564
#3  0x088324a4 in GUI::ThemeEngine::listUsableThemes (list=@0xbfe36da0)
    at gui/ThemeEngine.cpp:1515
#4  0x08832cd5 in GUI::ThemeEngine::getThemeFile (id=@0xbfe36eac)
    at gui/ThemeEngine.cpp:1616
[...]

The reason is a double free in common/unzip.cpp:

- in makeZipArchive, unzOpen is called (with "stream" as parameter)
- in case of an error, "stream" is freed in unzOpen:
        if (err != UNZ_OK) {
                delete us->_stream;
                delete us;
                return NULL;
        }
and NULL is returned
- in makeZipArchive, this causes "stream" to be deleted again:
        unzFile zipFile = unzOpen(stream);
        if (!zipFile) {
                delete stream;
                return 0;
        }

- SVN snapshot from trunk, 2010-02-28

----------------------------------------------------------------------
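The ownership problem described in the report, shown with a single owner so the error path cannot free the stream twice. This is an added example, not ScummVM code and not the fix the project applied; `Stream`, `ZipHandle`, `openZip`, `makeArchive` and the "PK" header check are hypothetical stand-ins for `makeZipArchive`/`unzOpen`.

```cpp
// Added example (not ScummVM code): all names here are hypothetical.
#include <memory>
#include <string>
#include <utility>

static int g_streamsDestroyed = 0;   // counts destructor runs for the demo

struct Stream {
    std::string data;                // constructed stand-in for file contents
    explicit Stream(std::string d) : data(std::move(d)) {}
    ~Stream() { ++g_streamsDestroyed; }
};

struct ZipHandle {
    std::unique_ptr<Stream> stream;  // the handle owns the stream once opened
};

// Takes ownership by value: whatever happens, the caller no longer holds
// the stream, so it has nothing left to delete a second time.
std::unique_ptr<ZipHandle> openZip(std::unique_ptr<Stream> stream) {
    // Minimal check standing in for real header parsing: an empty file
    // (as produced by `touch bar.zip`) fails here.
    if (!stream || stream->data.size() < 4 || stream->data.compare(0, 2, "PK") != 0)
        return nullptr;              // stream is released exactly once as the call completes
    std::unique_ptr<ZipHandle> h(new ZipHandle());
    h->stream = std::move(stream);
    return h;
}

// Caller side: no manual delete on the error path.
bool makeArchive(std::string contents) {
    std::unique_ptr<Stream> s(new Stream(std::move(contents)));
    std::unique_ptr<ZipHandle> zip = openZip(std::move(s));
    return zip != nullptr;           // on success, zip and its stream die at scope exit
}

// Returns how many times the stream was destroyed for one open attempt.
int destroyCountFor(const std::string &contents) {
    g_streamsDestroyed = 0;
    makeArchive(contents);
    return g_streamsDestroyed;
}

int main() {
    return (destroyCountFor("") == 1 && destroyCountFor("PK\x03\x04") == 1) ? 0 : 1;
}
```

Running the original reproduction under AddressSanitizer or valgrind reports the second `delete` directly; the counter here plays the same role without invoking undefined behaviour.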
