28 lines
1.1 KiB
Diff
28 lines
1.1 KiB
Diff
commit 10c0bcb3d3935f9b79a828502513c2084c90772c
|
|
Author: Florian Weimer <fweimer@redhat.com>
|
|
Date: Thu Nov 6 14:49:21 2025 +0100
|
|
|
|
support: Exit on consistency check failure in resolv_response_add_name
|
|
|
|
Using TEST_VERIFY (crname_target != crname) instructs some analysis
|
|
tools that crname_target == crname might hold. Under this assumption,
|
|
they report a use-after-free for crname_target->offset below, caused
|
|
by the previous free (crname).
|
|
|
|
Reviewed-by: Collin Funk <collin.funk1@gmail.com>
|
|
(cherry picked from commit b64335ff111c071fde61aec1c1a8460afb3d16d4)
|
|
|
|
diff --git a/support/resolv_test.c b/support/resolv_test.c
|
|
index f1613bd255c086e1..d4cc26b4aa24ce3a 100644
|
|
--- a/support/resolv_test.c
|
|
+++ b/support/resolv_test.c
|
|
@@ -326,7 +326,7 @@ resolv_response_add_name (struct resolv_response_builder *b,
|
|
crname_target = *ptr;
|
|
else
|
|
crname_target = NULL;
|
|
- TEST_VERIFY (crname_target != crname);
|
|
+ TEST_VERIFY_EXIT (crname_target != crname);
|
|
/* Not added to the tree. */
|
|
free (crname);
|
|
}
|