libarchive/SOURCES/libarchive-3.5.1-fix-covscan-rhel-9.patch

39 lines
1.4 KiB
Diff
Raw Normal View History

2021-11-03 23:46:28 +00:00
From 2722f5afe48a9a4089d41f75ec65d090934cfa52 Mon Sep 17 00:00:00 2001
From: Ondrej Dubaj <odubaj@redhat.com>
Date: Tue, 11 May 2021 07:39:57 +0200
Subject: [PATCH] - Fixed double free when calling lzx_huffman_init frees
pointer ds - Fixed leak of rar before ending with error
---
libarchive/archive_read_support_format_cab.c | 1 -
libarchive/archive_read_support_format_rar5.c | 1 +
2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/libarchive/archive_read_support_format_cab.c b/libarchive/archive_read_support_format_cab.c
index 43738b5..950f3d2 100644
--- a/libarchive/archive_read_support_format_cab.c
+++ b/libarchive/archive_read_support_format_cab.c
@@ -2110,7 +2110,6 @@ lzx_decode_init(struct lzx_stream *strm, int w_bits)
ds->pos_tbl = malloc(sizeof(ds->pos_tbl[0]) * w_slot);
if (ds->pos_tbl == NULL)
return (ARCHIVE_FATAL);
- lzx_huffman_free(&(ds->mt));
}
for (footer = 0; footer < 18; footer++)
diff --git a/libarchive/archive_read_support_format_rar5.c b/libarchive/archive_read_support_format_rar5.c
index 58a61d1..5d62d16 100644
--- a/libarchive/archive_read_support_format_rar5.c
+++ b/libarchive/archive_read_support_format_rar5.c
@@ -4076,6 +4076,7 @@ int archive_read_support_format_rar5(struct archive *_a) {
if(ARCHIVE_OK != rar5_init(rar)) {
archive_set_error(&ar->archive, ENOMEM,
"Can't allocate rar5 filter buffer");
+ free(rar);
return ARCHIVE_FATAL;
}
--
2.30.2