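--- a/components/nes/nofrendo/cpu/nes6502.c
+++ b/components/nes/nofrendo/cpu/nes6502.c
@@ -1283,6 +1283,17 @@ void nes6502_setcontext(nes6502_context *context)
 stack = ram + STACK_OFFSET;
 }
 
+/* Drop cached pointers into shared memory. The dead page is allocated once via
+** _my_malloc() and cached in null_page; when the shared memory pool is freed
+** (NES teardown) that pointer dangles, so it must be nulled here or the next
+** load reuses freed memory (use-after-free -> heap corruption). */
+void nes6502_release_memory(void)
+{
+null_page = NULL;
+ram = NULL;
+stack = NULL;
+}
+
 /* get the current context */
 void nes6502_getcontext(nes6502_context *context)
 {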
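Review bot: nes6502_release_memory() leaves the CPU in a state where ram, stack and null_page are NULL but nothing records that, so any nes6502_* call made between teardown and the next nes6502_setcontext() now turns the use-after-free into a NULL dereference; that is the better failure mode, but the contract should be stated in the header comment, e.g. `** After this call no CPU function may be used until nes6502_setcontext() has run again.` The fix also presumes null_page is re-allocated lazily when it is NULL on the next load — the comment says "allocated once", so if that allocation happens only at first init rather than on every setcontext, nulling it here leaves a NULL page that the mapper will dereference; confirm the allocation path. The prototype should live in nes6502.h next to nes6502_setcontext() rather than being re-declared with `extern` at the call site, so the compiler can check the definition against the declaration.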
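--- a/components/nes/nofrendo/nes/nes_ppu.c
+++ b/components/nes/nofrendo/nes/nes_ppu.c
@@ -60,6 +60,15 @@ void ppu_displaysprites(bool display)
 ppu->drawsprites = display;
 }
 
+/* Drop the cached PPU working context. ppu is allocated once via _my_malloc()
+** in ppu_setcontext(); when shared memory is freed (NES teardown) that pointer
+** dangles, so null it here or the next load writes through a freed pointer
+** (use-after-free -> heap corruption). */
+void ppu_release_memory(void)
+{
+ppu = NULL;
+}
+
 void ppu_setcontext(ppu_t *src_ppu)
 {
 int nametab[4];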
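Review bot: Once ppu_release_memory() has run, the accessors in this file dereference the file-static ppu unconditionally — ppu_displaysprites() in the context lines above does `ppu->drawsprites = display;` with no check — so a UI call that lands between teardown and the next ppu_setcontext() becomes a NULL dereference. Either guard the cheap accessors, `if (NULL == ppu) return;` before the write in ppu_displaysprites(), or state the ordering contract in the new function's comment, e.g. `** Callers must not touch the PPU again until ppu_setcontext() has been called.` It is also worth confirming that ppu_setcontext() really re-allocates when ppu is NULL (the comment says "allocated once"), since otherwise the next load writes through NULL instead of through freed memory. The prototype belongs in nes_ppu.h alongside ppu_setcontext() rather than as an `extern` in the caller.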
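--- a/components/nes/src/nes_shared_memory.c
+++ b/components/nes/src/nes_shared_memory.c
@@ -51,6 +51,16 @@ void nes_init_shared_memory(void) {
 nes_cpu = (nes6502_context *)_my_malloc(sizeof(nes6502_context));
 }
 
+// nofrendo caches working buffers in file-static pointers that are allocated
+// once via _my_malloc() (the 6502 dead page; the PPU working context). Those
+// live in the shared pool that shared_mem_clear() is about to free, so we must
+// drop the cached pointers or the next NES load reuses freed memory
+// (use-after-free -> heap corruption).
+extern void nes6502_release_memory(void);
+extern void ppu_release_memory(void);
+
 void nes_free_shared_memory(void) {
+nes6502_release_memory();
+ppu_release_memory();
 shared_mem_clear();
 }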
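Review bot: The two `extern` prototypes are declared here in the .c file instead of in nes6502.h / nes_ppu.h, which means a later change to either definition's signature is never checked against this declaration — C has no name mangling, so the link still succeeds and the mismatch only shows up at runtime; replace the two extern lines with `#include "nes6502.h"` and `#include "nes_ppu.h"` (or whatever header each module already exports) and put the prototypes there. The release-before-clear order in nes_free_shared_memory() is right, but the same class of bug exists for any other module that caches a pointer into the pool; a one-line comment naming that invariant would help, e.g. `// Every module that caches a pointer into the shared pool needs a *_release_memory() call here, before shared_mem_clear().` nes_init_shared_memory() begins outside the hunk, so whether nes_cpu and the other pool pointers are unconditionally reassigned on the next init (rather than reused) cannot be confirmed from here.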