Add upstream patches for memory management

Add patch for rhbz#1883337 and rhbz#1883410.
2020-09-29 16:15:42 +02:00 · 2020-09-29 16:15:42 +02:00 · 11466005e0
commit 11466005e0
parent e6ffee77b6
3 changed files with 113 additions and 1 deletions
--- a/0005-gui-wizard-gtk-Fix-segfault.patch
+++ b/0005-gui-wizard-gtk-Fix-segfault.patch
@ -0,0 +1,66 @@
+From 1a22f30187163ce288b14e55a80539353a38b7be Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C4=9Bj=20Grabovsk=C3=BD?= <mgrabovs@redhat.com>
+Date: Tue, 29 Sep 2020 14:16:00 +0200
+Subject: [PATCH 1/2] gui-wizard-gtk: Fix segfault
+
+Since show_error_as_msgbox() is specified as the custom logging handler
+(via setting libreport_g_custom_logger), it will get called if an error
+occurs in libreport_save_user_settings(). However, at that point,
+g_wnd_assistant has already been destroyed, which leads to an invalid
+read in show_error_as_msgbox().
+
+This change unsets the custom logging handler after the GUI is destroyed
+and adds an assertion in show_error_as_msgbox() checking that
+g_wnd_assistant is not a null pointer.
+
+Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1883337
+---
+ src/gui-wizard-gtk/main.c   | 6 ++++--
+ src/gui-wizard-gtk/wizard.c | 2 ++
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/gui-wizard-gtk/main.c b/src/gui-wizard-gtk/main.c
+index e111948c..f094c5fb 100644
+--- a/src/gui-wizard-gtk/main.c
+++ b/src/gui-wizard-gtk/main.c
+@@ -125,6 +125,7 @@ int main(int argc, char **argv)
+     /* List of events specified on the command line. */
+     GList *user_event_list = NULL;
+     const char *prgname = "abrt";
+    int ret = 0;
+     abrt_init(argv);
+ 
+     /* I18n */
+@@ -217,13 +218,14 @@ int main(int argc, char **argv)
+     g_signal_connect(app, "startup",  G_CALLBACK(startup_wizard),  NULL);
+ 
+     /* Enter main loop */
+-    g_application_run(G_APPLICATION(app), argc, argv);
+    ret = g_application_run(G_APPLICATION(app), argc, argv);
+     g_object_unref(app);
+    libreport_g_custom_logger = NULL;
+ 
+     if (opts & OPT_d)
+         delete_dump_dir_possibly_using_abrtd(g_dump_dir_name);
+ 
+     libreport_save_user_settings();
+ 
+-    return 0;
+    return ret;
+ }
+diff --git a/src/gui-wizard-gtk/wizard.c b/src/gui-wizard-gtk/wizard.c
+index 775b709f..c4a0b4c0 100644
+--- a/src/gui-wizard-gtk/wizard.c
+++ b/src/gui-wizard-gtk/wizard.c
+@@ -360,6 +360,8 @@ struct dump_dir *wizard_open_directory_for_writing(const char *dump_dir_name)
+ 
+ void show_error_as_msgbox(const char *msg)
+ {
+    g_return_if_fail(g_wnd_assistant != NULL);
+
+     GtkWidget *dialog = gtk_message_dialog_new(GTK_WINDOW(g_wnd_assistant),
+                 GTK_DIALOG_DESTROY_WITH_PARENT,
+                 GTK_MESSAGE_WARNING,
+-- 
+2.26.2
+
--- a/0006-event_config-Null-autofree-pointers-before-returning.patch
+++ b/0006-event_config-Null-autofree-pointers-before-returning.patch
@ -0,0 +1,40 @@
+From 41b6477bdeaa82c647db2f1c2ba1132c77b365ed Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C4=9Bj=20Grabovsk=C3=BD?= <mgrabovs@redhat.com>
+Date: Tue, 29 Sep 2020 14:43:15 +0200
+Subject: [PATCH 2/2] event_config: Null autofree pointers before returning
+
+The pointers to strings in the function check_problem_rating_usability()
+need to be nullified before the function returns as they are declared
+for auto-cleanup.
+
+This change fixes a double-free condition in which the returned strings
+were attempted to be freed again in the caller,
+is_backtrace_rating_usable().
+
+Bug was introduced in 05e9c9273.
+
+Resolves rhbz#1883410
+---
+ src/lib/event_config.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/lib/event_config.c b/src/lib/event_config.c
+index c8053b7c..01e91efe 100644
+--- a/src/lib/event_config.c
+++ b/src/lib/event_config.c
+@@ -541,10 +541,10 @@ bool check_problem_rating_usability(const event_config_t *cfg,
+ 
+ finish:
+     if (description)
+-        *description = tmp_desc;
+        *description = g_steal_pointer(&tmp_desc);
+ 
+     if (detail)
+-        *detail = tmp_detail;
+        *detail = g_steal_pointer(&tmp_detail);
+ 
+     return result;
+ }
+-- 
+2.26.2
+
--- a/libreport.spec
+++ b/libreport.spec
@ -15,7 +15,7 @@
 Summary: Generic library for reporting various problems
 Name: libreport
 Version: 2.14.0
-Release: 9%{?dist}
+Release: 10%{?dist}
 License: GPLv2+
 URL: https://abrt.readthedocs.org/
 Source: https://github.com/abrt/%{name}/archive/%{version}/%{name}-%{version}.tar.gz
@ -24,6 +24,8 @@ Patch0: 0001-gui-wizard-gtk-wizard-Remove-variable.patch
 Patch1: 0002-gui-wizard-gtk-wizard-Fix-invalid-memory-read.patch
 Patch2: 0003-gui-wizard-gtk-Fix-a-double-free-condition.patch
 Patch3: 0004-gui-wizard-gtk-Fix-a-segfault-and-memory-leak.patch
+Patch4: 0005-gui-wizard-gtk-Fix-segfault.patch
+Patch5: 0006-event_config-Null-autofree-pointers-before-returning.patch

 BuildRequires: %{dbus_devel}
 BuildRequires: gtk3-devel
@ -664,6 +666,10 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 %endif

 %changelog
+* Tue Sep 29 2020 Matěj Grabovský <mgrabovs@redhat.com> - 2.14.0-10
+- Add fix for https://bugzilla.redhat.com/show_bug.cgi?id=1883337
+- Add fix for https://bugzilla.redhat.com/show_bug.cgi?id=1883410
+
 * Sun Sep 27 2020 Matěj Grabovský <mgrabovs@redhat.com> - 2.14.0-9
 - Add upstream fixes for memory management