01967: output.c unregister_client crash

ID	Category [?]	Severity [?]	Reproducibility	Date Submitted	Last Update
01967	Crash/Freeze	Critical (emulator)	Always	Jul 3, 2008, 16:31	Jul 6, 2008, 06:19

Tester	TheShanMan	View Status	Public	Platform	MAME (Official Binary)
Assigned To		Resolution	Fixed	OS	Windows XP/Vista 32-bit
Status [?]	Resolved			Driver
Version	0.125u8	Fixed in Version	0.126	Build	Normal
		Fixed in Git Commit		Github Pull Request #

Summary	01967: output.c unregister_client crash
Description	I submitted a diff to submit@mamedev.org, but thought you might like it submitted here too for tracking purposes. My app is causing mame to crash when it unregisters itself as an output client. Output.c’s unregister_client() is guaranteed to crash because if it finds a match then it ends up doing a “->next” twice – once in the “if” body, and once in the “for” statement. This patch to 0.125u8 fixes this problem. It simply adds a “break” to the “if” body since at that point there is no need to continue. Hope this can make it in for 0.126.
Steps To Reproduce	1. Launch mame. 2. Launch an app that both registers and unregisters itself as an output client (ledutil.exe registers itself but I'm not sure it ever goes through the unregister process). 3. Get that app to unregister itself. Boom. Mame crashes or goes away silently because it is trying to access a NULL pointer.
Additional Information	Diff submitted within the last hour to submit@mamedev.org. I'll upload here as well. This diff was tested by applying to 0.125u8 and confirmed to fix the problem when another app unregisters itself.
Github Commit

Flags
Regression Version
Affected Sets / Systems

Attached Files	unregister_client.zip (327 bytes) Jul 3, 2008, 16:31

No.01486 TheShanMan Tester Jul 4, 2008, 23:04	I just verified that it works against 0.125u9 as well.
No.01499 aaron Developer Jul 6, 2008, 06:19	Fixed by Jeff Shanholtz