Avoid double-free memory corruption

Resolves: RHEL-130877 Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2025-12-09 16:08:13 +01:00 · 2025-12-09 16:08:13 +01:00 · 3ad44b125c
commit 3ad44b125c
parent 7175536219
2 changed files with 73 additions and 1 deletions
--- a/0004-getfilecontents-buffer-overflow.patch
+++ b/0004-getfilecontents-buffer-overflow.patch
@ -0,0 +1,67 @@
+From 732ef9161ef29bf54d6d5e0d4c19b663aad678c6 Mon Sep 17 00:00:00 2001
+From: Ignaz Forster <iforster@suse.com>
+Date: Wed, 4 Aug 2021 13:57:46 +0200
+Subject: [PATCH] Allocate fixed length filename buffer
+
+Valgrind found a memory leak when calling
+
+econf_file *kf;
+econf_readFile(&kf, "test.ini", "=", "#");
+econf_freeFile(kf);
+
+This is caused by the global variable last_scanned_filename which is
+assigned dynamically and thus won't be free'd on exit.
+Just use fixed size array instead.
+
+Also declare the global variables static while at it.
+---
+ lib/getfilecontents.c | 15 +++++----------
+ 1 file changed, 5 insertions(+), 10 deletions(-)
+
+diff --git a/lib/getfilecontents.c b/lib/getfilecontents.c
+index f03ab8f..f4944ee 100644
+--- a/lib/getfilecontents.c
+++ b/lib/getfilecontents.c
+@@ -27,14 +27,15 @@
+ #include "helpers.h"
+ 
+ #include <errno.h>
+#include <limits.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+ #include <ctype.h>
+ 
+ /*info for reporting scan errors (line Nr, filename) */
+-uint64_t last_scanned_line_nr = 0;
+-char *last_scanned_filename = NULL;
+static uint64_t last_scanned_line_nr = 0;
+static char last_scanned_filename[PATH_MAX];
+ 
+ static econf_err
+ join_same_entries(econf_file *ef)
+@@ -243,13 +244,7 @@ read_file(econf_file *ef, const char *file,
+   if (kf == NULL)
+     return ECONF_NOFILE;
+ 
+-  if (last_scanned_filename != NULL)
+-    free(last_scanned_filename);
+-  last_scanned_filename = strdup(file);
+-  if (last_scanned_filename == NULL) {
+-    fclose (kf);
+-    return ECONF_NOMEM;
+-  }
+  snprintf(last_scanned_filename, sizeof(last_scanned_filename), "%s", file);
+ 
+   check_delim(delim, &has_wsp, &has_nonwsp);
+ 
+@@ -508,5 +503,5 @@ read_file(econf_file *ef, const char *file,
+ void last_scanned_file(char **filename, uint64_t *line_nr)
+ {
+   *line_nr = last_scanned_line_nr;
+-  *filename = last_scanned_filename ? strdup(last_scanned_filename) : NULL;
+  *filename = strdup(last_scanned_filename);
+ }
+-- 
+2.51.0
+
--- a/libeconf.spec
+++ b/libeconf.spec
@ -5,7 +5,7 @@

 Name:           libeconf
 Version:        0.4.1
-Release:        4%{?dist}
+Release:        5%{?dist}
 Summary:        Enhanced config file parser library

 License:        MIT
@ -18,6 +18,8 @@ Patch0001: 0001-getfilecontents-buffer-overflow.patch
 Patch0002: 0002-cmake-no-install-html.patch
 # https://github.com/openSUSE/libeconf/commit/7c5d0a7198eb97104952e56e43c37eb337c3cf21
 Patch0003: 0003-Fix-static-analyzer-detected-issues.patch
+# https://github.com/openSUSE/libeconf/commit/732ef9161ef29bf54d6d5e0d4c19b663aad678c6
+Patch0004: 0004-getfilecontents-buffer-overflow.patch

 BuildRequires:  cmake >= 3.12
 BuildRequires:  gcc
@ -83,6 +85,9 @@ configuration files from applications that use %{name}.


 %changelog
+* Tue Dec  9 2025 Iker Pedrosa <ipedrosa@redhat.com> - 0.4.1-5
+- Avoid double-free memory corruption. Resolves: RHEL-130877
+
 * Thu Apr 11 2024 Iker Pedrosa <ipedrosa@redhat.com> - 0.4.1-4
 - Fix static analyzer detected issues. Resolves: RHEL-24989