From 3ad44b125cee87102a85051a455bc17f70bfb710 Mon Sep 17 00:00:00 2001
From: Iker Pedrosa
Date: Tue, 9 Dec 2025 16:08:13 +0100
Subject: [PATCH] Avoid double-free memory corruption
Resolves: RHEL-130877
Signed-off-by: Iker Pedrosa
---
0004-getfilecontents-buffer-overflow.patch | 67 ++++++++++++++++++++++
libeconf.spec | 7 ++-
2 files changed, 73 insertions(+), 1 deletion(-)
create mode 100644 0004-getfilecontents-buffer-overflow.patch
diff --git a/0004-getfilecontents-buffer-overflow.patch b/0004-getfilecontents-buffer-overflow.patch
new file mode 100644
index 0000000..dd6bf21
--- /dev/null
+++ b/0004-getfilecontents-buffer-overflow.patch
@@ -0,0 +1,67 @@
+From 732ef9161ef29bf54d6d5e0d4c19b663aad678c6 Mon Sep 17 00:00:00 2001
+From: Ignaz Forster
+Date: Wed, 4 Aug 2021 13:57:46 +0200
+Subject: [PATCH] Allocate fixed length filename buffer
+
+Valgrind found a memory leak when calling
+
+econf_file *kf;
+econf_readFile(&kf, "test.ini", "=", "#");
+econf_freeFile(kf);
+
+This is caused by the global variable last_scanned_filename which is
+assigned dynamically and thus won't be free'd on exit.
+Just use fixed size array instead.
+
+Also declare the global variables static while at it.
+---
+ lib/getfilecontents.c | 15 +++++----------
+ 1 file changed, 5 insertions(+), 10 deletions(-)
+
+diff --git a/lib/getfilecontents.c b/lib/getfilecontents.c
+index f03ab8f..f4944ee 100644
+--- a/lib/getfilecontents.c
++++ b/lib/getfilecontents.c
+@@ -27,14 +27,15 @@
+ #include "helpers.h"
+
+ #include
++#include
+ #include
+ #include
+ #include
+ #include
+
+ /*info for reporting scan errors (line Nr, filename) */
+-uint64_t last_scanned_line_nr = 0;
+-char *last_scanned_filename = NULL;
++static uint64_t last_scanned_line_nr = 0;
++static char last_scanned_filename[PATH_MAX];
+
+ static econf_err
+ join_same_entries(econf_file *ef)
+@@ -243,13 +244,7 @@ read_file(econf_file *ef, const char *file,
+ if (kf == NULL)
+ return ECONF_NOFILE;
+
+- if (last_scanned_filename != NULL)
+- free(last_scanned_filename);
+- last_scanned_filename = strdup(file);
+- if (last_scanned_filename == NULL) {
+- fclose (kf);
+- return ECONF_NOMEM;
+- }
++ snprintf(last_scanned_filename, sizeof(last_scanned_filename), "%s", file);
+
+ check_delim(delim, &has_wsp, &has_nonwsp);
+
+@@ -508,5 +503,5 @@ read_file(econf_file *ef, const char *file,
+ void last_scanned_file(char **filename, uint64_t *line_nr)
+ {
+ *line_nr = last_scanned_line_nr;
+- *filename = last_scanned_filename ? strdup(last_scanned_filename) : NULL;
++ *filename = strdup(last_scanned_filename);
+ }
+--
+2.51.0
+
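Review bot: The embedded patch's `read_file` hunk leaves `last_scanned_filename` as one process-wide buffer that `snprintf` writes on every call and `last_scanned_file` reads with `strdup`, and no locking is visible in either hunk. Dropping the `free`/`strdup` pair removes the double free, but if the corruption came from concurrent `read_file` callers (the commit message does not say how it arises), those callers now race on the buffer and can report a mixed filename. I would add a comment above the two globals, `/* error-reporting state shared by all read_file() callers; not thread-safe */`, or make them thread-local if the build permits. Separately, `last_scanned_file` now returns a copy of `""` instead of `NULL` when nothing was scanned and `NULL` only when `strdup` fails, so callers that test the result for `NULL` need rechecking. Both functions start or end outside the hunks shown.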
diff --git a/libeconf.spec b/libeconf.spec index 0481497..5323f7a 100644 --- a/libeconf.spec +++ b/libeconf.spec @@ -5,7 +5,7 @@ Name: libeconf Version: 0.4.1 -Release: 4%{?dist} +Release: 5%{?dist} Summary: Enhanced config file parser library License: MIT @@ -18,6 +18,8 @@ Patch0001: 0001-getfilecontents-buffer-overflow.patch Patch0002: 0002-cmake-no-install-html.patch # https://github.com/openSUSE/libeconf/commit/7c5d0a7198eb97104952e56e43c37eb337c3cf21 Patch0003: 0003-Fix-static-analyzer-detected-issues.patch +# https://github.com/openSUSE/libeconf/commit/732ef9161ef29bf54d6d5e0d4c19b663aad678c6 +Patch0004: 0004-getfilecontents-buffer-overflow.patch BuildRequires: cmake >= 3.12 BuildRequires: gcc @@ -83,6 +85,9 @@ configuration files from applications that use %{name}. %changelog +* Tue Dec 9 2025 Iker Pedrosa - 0.4.1-5 +- Avoid double-free memory corruption. Resolves: RHEL-130877 + * Thu Apr 11 2024 Iker Pedrosa - 0.4.1-4 - Fix static analyzer detected issues. Resolves: RHEL-24989
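Review bot: The `Patch0004` line in the second hunk names the file `0004-getfilecontents-buffer-overflow.patch`, the same stem as `Patch0001`, although the patch it carries is upstream's "Allocate fixed length filename buffer" and the changelog entry describes a double free. A name that follows the upstream subject, for example `0004-Allocate-fixed-length-filename-buffer.patch`, would let someone auditing which patch addresses RHEL-130877 find it without opening the file. The comment above the line could also say why this upstream commit is the fix, e.g. `# removes free()/strdup() of the global last_scanned_filename`.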