From 5f2371a9e24b036e8d1a23c5f0f77423349a18e3 Mon Sep 17 00:00:00 2001 From: Robin Gareus Date: Wed, 6 Nov 2024 17:24:00 +0100 Subject: [PATCH] Fix 30dc9ccc863ca, buf2 needs to remain in scope. This fixes a heap-use-after-free. --- libs/ardour/audiosource.cc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libs/ardour/audiosource.cc b/libs/ardour/audiosource.cc index c67860064a..795debc390 100644 --- a/libs/ardour/audiosource.cc +++ b/libs/ardour/audiosource.cc @@ -932,6 +932,7 @@ AudioSource::compute_and_write_peaks (Sample const * buf, samplecnt_t first_samp samplecnt_t samples_done; const size_t blocksize = (128 * 1024); off_t first_peak_byte; + std::unique_ptr buf2; if (-1 == _peakfile_fd) { if (prepare_for_peakfile_writes ()) { @@ -991,7 +992,7 @@ AudioSource::compute_and_write_peaks (Sample const * buf, samplecnt_t first_samp /* make a new contiguous buffer containing leftovers and the new stuff */ to_do = cnt + peak_leftover_cnt; - std::unique_ptr buf2(new Sample[to_do]); + buf2.reset(new Sample[to_do]); /* the remnants */ memcpy (buf2.get(), peak_leftovers, peak_leftover_cnt * sizeof (Sample));