Summary
freenect_init_registration_table() in src/registration.c does not check the return value of malloc() before passing the pointer to memset(). If malloc() fails and returns NULL, memset(NULL, ...) causes a null pointer dereference crash.
Location
src/registration.c, inside freenect_init_registration_table() — the malloc() call for the registration table buffer.
Impact
An application that initializes Freenect registration under memory pressure will crash with a segmentation fault (denial of service).
Fix
PR #698 adds a NULL check after malloc() and returns an error code on failure.
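The failure mode and the shape of the fix described above, as an added example that is not libfreenect's code or the PR's diff. All names (`init_table`, `failing_malloc`, `try_init`) and the 640x480 table size are assumptions made for illustration; the injectable allocator is there so the out-of-memory path can be exercised deterministically.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names throughout; this is not libfreenect's code. */
typedef void *(*alloc_fn)(size_t);

/* Fault-injecting allocator: succeeds while the budget is positive, then
 * returns NULL the way malloc() does under memory pressure. */
static int alloc_budget = 0;
static void *failing_malloc(size_t n) {
    if (alloc_budget <= 0) return NULL;
    alloc_budget--;
    return malloc(n);
}

/* Pattern from the report: the result goes to memset() unchecked.
 *     t = alloc(bytes);
 *     memset(t, 0, bytes);      // crashes when t == NULL
 * Hardened form: reject overflowing sizes, check for NULL, and return an
 * error code (0 on success, -1 on failure) instead of dereferencing. */
static int init_table(int32_t (**out)[2], size_t width, size_t height, alloc_fn alloc) {
    size_t elem = sizeof(**out);            /* one table entry: int32_t[2] */
    *out = NULL;
    if (width == 0 || height == 0) return -1;
    if (width > SIZE_MAX / height) return -1;
    if (width * height > SIZE_MAX / elem) return -1;
    size_t bytes = width * height * elem;
    int32_t (*t)[2] = alloc(bytes);
    if (t == NULL) return -1;               /* the check the issue asks for */
    memset(t, 0, bytes);
    *out = t;
    return 0;
}

/* Runs the initializer with a given allocation budget and returns its code;
 * -2 means the table was allocated but not zeroed. */
static int try_init(int budget, size_t w, size_t h) {
    int32_t (*table)[2];
    alloc_budget = budget;
    int rc = init_table(&table, w, h, failing_malloc);
    if (rc == 0 && table[w * h - 1][1] != 0) rc = -2;
    free(table);                            /* free(NULL) is a no-op */
    return rc;
}

int main(void) {
    /* Constructed inputs: budget 0 simulates malloc() failure. */
    return (try_init(0, 640, 480) == -1 && try_init(1, 640, 480) == 0) ? 0 : 1;
}
```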
Related