rpms/json-c
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Update patch fixing a segfault caused by possible invalid frees

Browse Source
This commit is contained in:
Björn Esser 2017-12-14 18:54:42 +01:00
parent 9c657adefe
commit d86ebd42ff
No known key found for this signature in database
GPG Key ID: F52E98007594C21D
2 changed files with 20 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
json-c-0.13_json_object_avoid_invalid_free.patch
View File

@ -1,26 +1,26 @@
From 1c1c14271eadeb35dc2fb38e199bde2e90ff4ea3 Mon Sep 17 00:00:00 2001 From 9aca3b6a087a396a81d7e26f4557eb97fecc1386 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org> From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
Date: Wed, 13 Dec 2017 19:22:52 +0100 Date: Wed, 13 Dec 2017 19:22:52 +0100
Subject: [PATCH] json_object: Avoid double free (and thus a segfault) when Subject: [PATCH] json_object: Avoid invalid free (and thus a segfault) when
ref_count gets < 0 ref_count gets < 0
--- ---
json_object.c | 4 ++-- json_object.c | 5 +++++
1 file changed, 2 insertions(+), 2 deletions(-) 1 file changed, 5 insertions(+)
diff --git a/json_object.c b/json_object.c diff --git a/json_object.c b/json_object.c
index 042477a71b..b94b9e222a 100644 index 042477a71b..7c7438d8ea 100644
--- a/json_object.c --- a/json_object.c
+++ b/json_object.c +++ b/json_object.c
@@ -189,9 +189,9 @@ int json_object_put(struct json_object *jso) @@ -182,6 +182,11 @@ int json_object_put(struct json_object *jso)
* as that can result in the thread that loses the race to 0 {
* operating on an already-freed object. if(!jso) return 0;
*/
- if (__sync_sub_and_fetch(&jso->_ref_count, 1) > 0) return 0;
+ if (__sync_sub_and_fetch(&jso->_ref_count, 1) != 0) return 0;
#else
- if (--jso->_ref_count > 0) return 0;
+ if (--jso->_ref_count != 0) return 0;
#endif
if (jso->_user_delete) + /* Avoid invalid free and crash explicitly instead of (silently)
+ * segfaulting.
+ */
+ assert(jso->_ref_count > 0);
+
#if defined(HAVE_ATOMIC_BUILTINS) && defined(ENABLE_THREADING)
/* Note: this only allow the refcount to remain correct
* when multiple threads are adjusting it. It is still an error

5
json-c.spec
View File

@ -16,7 +16,7 @@
Name: json-c Name: json-c
Version: 0.13 Version: 0.13
Release: 4%{?dist} Release: 5%{?dist}
Summary: JSON implementation in C Summary: JSON implementation in C
License: MIT License: MIT
@ -176,6 +176,9 @@ end
%changelog %changelog
* Thu Dec 14 2017 Björn Esser <besser82@fedoraproject.org> - 0.13-5
- Update patch fixing a segfault caused by possible invalid frees
* Wed Dec 13 2017 Björn Esser <besser82@fedoraproject.org> - 0.13-4 * Wed Dec 13 2017 Björn Esser <besser82@fedoraproject.org> - 0.13-4
- Add upstream patch fixing invalid free in some cases - Add upstream patch fixing invalid free in some cases