Skip to content

Fix memory leaks and pointer safety issues in sysin_events.mm#1

Open
PekingSpades wants to merge 1 commit intoEigenlabs:masterfrom
PekingSpades:master
Open

Fix memory leaks and pointer safety issues in sysin_events.mm#1
PekingSpades wants to merge 1 commit intoEigenlabs:masterfrom
PekingSpades:master

Conversation

@PekingSpades
Copy link
Copy Markdown

@PekingSpades PekingSpades commented Dec 31, 2025

Summary

  • Fixed multiple memory leaks in sysin_events/sysin_events.mm where Core Foundation objects created with "Create" functions were not released
  • Fixed pointer type width mismatch that could cause stack corruption on 64-bit systems
  • Added NULL checks to prevent potential crashes

Changes

Memory Leaks Fixed

Location Issue Fix
mousevent() CGEventSourceCreate() return value was passed directly to another function without being released Store in variable and call CFRelease()
cfilterfunc_process() CGEventCreate() return value was never released Added CFRelease(reference_event)
release_button1() CGEventCreate() return value was never released Added CFRelease(reference_event)
release_button2() CGEventCreate() return value was never released Added CFRelease(reference_event)

Pointer Safety Issues Fixed

Location Issue Fix
createStringForKey() TISCopyCurrentKeyboardInputSource() and TISGetInputSourceProperty() could return NULL, causing crash on dereference Added NULL checks with early return
keyCodeForChar() CFStringCreateWithCharacters() could return NULL Added NULL check
keyCodeForChar() CFDictionaryGetValueIfPresent() writes a pointer-sized value (8 bytes on 64-bit), but was writing to CGKeyCode which is uint16_t (2 bytes), causing stack corruption Use intermediate const void * variable then cast to CGKeyCode

Documentation References

The fixes are based on Apple's official Core Foundation documentation:

The Create Rule

If a function name contains the word "Create" or "Copy", you own the object. When you own an object, it is your responsibility to relinquish ownership (using CFRelease()) when you have finished with it.

Source: Memory Management Programming Guide for Core Foundation - Ownership Policy

CFDictionaryGetValueIfPresent Signature

Boolean CFDictionaryGetValueIfPresent(CFDictionaryRef theDict, const void *key, const void **value);

The value parameter is documented as: "A pointer to memory which should be filled with the pointer-sized value if a matching key is found."

Source: Apple Open Source - CF/CFDictionary.h

This means on 64-bit systems, the function writes 8 bytes. Writing to a uint16_t variable (2 bytes) causes stack corruption.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@PekingSpades