From a5520f8a3d7d866d4e97de8f04a08ab3dd908470 Mon Sep 17 00:00:00 2001
From: Scott Shawcroft
Date: Wed, 3 Apr 2019 15:24:15 -0700
Subject: [PATCH] Set the terminal tilegrid NULL after free Without this, a double free can occur when a display (and terminal) is released and then a crash occurs. Upon a second release, different memory is released (sometimes the heap). When this is followed by an allocation for the flash cache, the cache can overwrite the active heap causing crashes. Fixes #1667
---
 supervisor/shared/display.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/supervisor/shared/display.c b/supervisor/shared/display.c
index e1400426e9..acf8e69d4f 100644
--- a/supervisor/shared/display.c
+++ b/supervisor/shared/display.c
@@ -81,6 +81,7 @@ void supervisor_start_terminal(uint16_t width_px, uint16_t height_px) {
 void supervisor_stop_terminal(void) {
 if (tilegrid_tiles != NULL) {
 free_memory(tilegrid_tiles);
+ tilegrid_tiles = NULL;
 supervisor_terminal_text_grid.inline_tiles = false;
 supervisor_terminal_text_grid.tiles = NULL;
 }
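Review bot: The added `tilegrid_tiles = NULL;` in `supervisor_stop_terminal` has no comment recording why the reset is needed, yet the `!= NULL` guard above it only prevents a second free if this line stays in place. I would put a comment directly above it, for example `// Clear the stale handle: stop can run again after a crash, and freeing it twice releases unrelated memory.`, so a later cleanup does not drop the line as redundant. The fix also depends on each caller of `free_memory` remembering to clear its own handle, so the other call sites, which are not visible in this hunk, are worth checking for the same free-without-reset pattern. The function's closing brace lies outside the hunk.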