From 7331e41b57a5ef93192b58df73fa2cf3a0f3ca21 Mon Sep 17 00:00:00 2001
From: yamamama
Date: Fri, 26 Dec 2025 17:35:26 -0500
Subject: [PATCH] Fix realloc use-after-free, better safeguard the defaultvalue overwrite
---
 src/deh_soc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/deh_soc.c b/src/deh_soc.c
index 42ec736d7..aa66c2c8f 100644
--- a/src/deh_soc.c
+++ b/src/deh_soc.c
@@ -4266,10 +4266,10 @@ void readkartresult(MYFILE *f, kartresult_t *result)
 //CONS_Printf("Allocated cvar data successfully\n");
 }
- else
+ else if (result->augcvar[idx]->defaultvalue)
 {
 // Reallocate the data and set a new default value.
- realloc(result->augcvar[idx]->defaultvalue, strlen(va("%d", result->baserunneraug[idx]))+1);
+ result->augcvar[idx]->defaultvalue = realloc(result->augcvar[idx]->defaultvalue, strlen(va("%d", result->baserunneraug[idx]))+1);
 sprintf(result->augcvar[idx]->defaultvalue, "%d", result->baserunneraug[idx]);
 CV_StealthSet(result->augcvar[idx], result->augcvar[idx]->defaultvalue);
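Review bot: The new `defaultvalue = realloc(defaultvalue, …)` line in the `else if` branch overwrites the only pointer to the buffer before the result is checked, so an allocation failure leaks the old block and the following `sprintf` writes through NULL. Grow into a temporary, assign it back only when it is non-NULL, and format with `snprintf` bounded by the size that was just requested, as in the excerpt below. The added `else if (result->augcvar[idx]->defaultvalue)` guard also means a cvar whose default is NULL now skips the update silently; if that state is reachable, a log line would make it visible. This assumes `defaultvalue` is heap memory owned by this code (the preceding branch, outside the hunk, appears to allocate it), which is worth confirming because `realloc` on any other pointer is undefined. The branch's closing brace and the rest of `readkartresult` lie outside the hunk.

```c
		else if (result->augcvar[idx]->defaultvalue)
		{
			// Grow into a temporary so the old buffer is not lost if realloc fails.
			size_t need = strlen(va("%d", result->baserunneraug[idx])) + 1;
			char *grown = realloc(result->augcvar[idx]->defaultvalue, need);

			if (grown != NULL)
			{
				result->augcvar[idx]->defaultvalue = grown;
				// Bound the write by the size that was actually allocated.
				snprintf(grown, need, "%d", result->baserunneraug[idx]);
				CV_StealthSet(result->augcvar[idx], grown);
			}
			// else: the previous default is still valid and still owned by the cvar;
			// report the failure the way the rest of this file reports errors.
```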