Skip to content

Fix memory leaks and pointer safety issues in sysin_events.mm #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
PekingSpades wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Fix memory leaks and pointer safety issues in sysin_events.mm #1

PekingSpades wants to merge 1 commit into from

Conversation

@PekingSpades
Copy link

@PekingSpades PekingSpades commented Dec 31, 2025

Summary

  • Fixed multiple memory leaks in sysin_events/sysin_events.mm where Core Foundation objects created with "Create" functions were not released
  • Fixed pointer type width mismatch that could cause stack corruption on 64-bit systems
  • Added NULL checks to prevent potential crashes

Changes

Memory Leaks Fixed

Location Issue Fix
mousevent() CGEventSourceCreate() return value was passed directly to another function without being released Store in variable and call CFRelease()
cfilterfunc_process() CGEventCreate() return value was never released Added CFRelease(reference_event)
release_button1() CGEventCreate() return value was never released Added CFRelease(reference_event)
release_button2() CGEventCreate() return value was never released Added CFRelease(reference_event)

Pointer Safety Issues Fixed

Location Issue Fix
createStringForKey() TISCopyCurrentKeyboardInputSource() and TISGetInputSourceProperty() could return NULL, causing crash on dereference Added NULL checks with early return
keyCodeForChar() CFStringCreateWithCharacters() could return NULL Added NULL check
keyCodeForChar() CFDictionaryGetValueIfPresent() writes a pointer-sized value (8 bytes on 64-bit), but was writing to CGKeyCode which is uint16_t (2 bytes), causing stack corruption Use intermediate const void * variable then cast to CGKeyCode

Documentation References

The fixes are based on Apple's official Core Foundation documentation:

The Create Rule

If a function name contains the word "Create" or "Copy", you own the object. When you own an object, it is your responsibility to relinquish ownership (using CFRelease()) when you have finished with it.

Source: Memory Management Programming Guide for Core Foundation - Ownership Policy

CFDictionaryGetValueIfPresent Signature

Boolean CFDictionaryGetValueIfPresent(CFDictionaryRef theDict, const void *key, const void **value);

The value parameter is documented as: "A pointer to memory which should be filled with the pointer-sized value if a matching key is found."

Source: Apple Open Source - CF/CFDictionary.h

This means on 64-bit systems, the function writes 8 bytes. Writing to a uint16_t variable (2 bytes) causes stack corruption.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@PekingSpades