From 11466005e02df53d5a468cf094038c0b60928013 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Grabovsk=C3=BD?=
Date: Tue, 29 Sep 2020 16:15:42 +0200
Subject: [PATCH] Add upstream patches for memory management

Add patch for rhbz#1883337 and rhbz#1883410.
---
 0005-gui-wizard-gtk-Fix-segfault.patch | 66 +++++++++++++++++++
 ...l-autofree-pointers-before-returning.patch | 40 +++++++++++
 libreport.spec | 8 ++-
 3 files changed, 113 insertions(+), 1 deletion(-)
 create mode 100644 0005-gui-wizard-gtk-Fix-segfault.patch
 create mode 100644 0006-event_config-Null-autofree-pointers-before-returning.patch
diff --git a/0005-gui-wizard-gtk-Fix-segfault.patch b/0005-gui-wizard-gtk-Fix-segfault.patch
new file mode 100644
index 0000000..29d65ae
--- /dev/null
+++ b/0005-gui-wizard-gtk-Fix-segfault.patch
@@ -0,0 +1,66 @@
+From 1a22f30187163ce288b14e55a80539353a38b7be Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C4=9Bj=20Grabovsk=C3=BD?=
+Date: Tue, 29 Sep 2020 14:16:00 +0200
+Subject: [PATCH 1/2] gui-wizard-gtk: Fix segfault
+
+Since show_error_as_msgbox() is specified as the custom logging handler
+(via setting libreport_g_custom_logger), it will get called if an error
+occurs in libreport_save_user_settings(). However, at that point,
+g_wnd_assistant has already been destroyed, which leads to an invalid
+read in show_error_as_msgbox().
+
+This change unsets the custom logging handler after the GUI is destroyed
+and adds an assertion in show_error_as_msgbox() checking that
+g_wnd_assistant is not a null pointer.
+
+Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1883337
+---
+ src/gui-wizard-gtk/main.c | 6 ++++--
+ src/gui-wizard-gtk/wizard.c | 2 ++
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/gui-wizard-gtk/main.c b/src/gui-wizard-gtk/main.c
+index e111948c..f094c5fb 100644
+--- a/src/gui-wizard-gtk/main.c
++++ b/src/gui-wizard-gtk/main.c
+@@ -125,6 +125,7 @@ int main(int argc, char **argv)
+ /* List of events specified on the command line.
*/
+ GList *user_event_list = NULL;
+ const char *prgname = "abrt";
++ int ret = 0;
+ abrt_init(argv);
+
+ /* I18n */
+@@ -217,13 +218,14 @@ int main(int argc, char **argv)
+ g_signal_connect(app, "startup", G_CALLBACK(startup_wizard), NULL);
+
+ /* Enter main loop */
+- g_application_run(G_APPLICATION(app), argc, argv);
++ ret = g_application_run(G_APPLICATION(app), argc, argv);
+ g_object_unref(app);
++ libreport_g_custom_logger = NULL;
+
+ if (opts & OPT_d)
+ delete_dump_dir_possibly_using_abrtd(g_dump_dir_name);
+
+ libreport_save_user_settings();
+
+- return 0;
++ return ret;
+ }
+diff --git a/src/gui-wizard-gtk/wizard.c b/src/gui-wizard-gtk/wizard.c
+index 775b709f..c4a0b4c0 100644
+--- a/src/gui-wizard-gtk/wizard.c
++++ b/src/gui-wizard-gtk/wizard.c
+@@ -360,6 +360,8 @@ struct dump_dir *wizard_open_directory_for_writing(const char *dump_dir_name)
+
+ void show_error_as_msgbox(const char *msg)
+ {
++ g_return_if_fail(g_wnd_assistant != NULL);
++
+ GtkWidget *dialog = gtk_message_dialog_new(GTK_WINDOW(g_wnd_assistant),
+ GTK_DIALOG_DESTROY_WITH_PARENT,
+ GTK_MESSAGE_WARNING,
+--
+2.26.2
+
diff --git a/0006-event_config-Null-autofree-pointers-before-returning.patch b/0006-event_config-Null-autofree-pointers-before-returning.patch
new file mode 100644
index 0000000..ed3a26f
--- /dev/null
+++ b/0006-event_config-Null-autofree-pointers-before-returning.patch
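Review bot: In the wizard.c hunk of 0005-gui-wizard-gtk-Fix-segfault.patch, `g_return_if_fail(g_wnd_assistant != NULL);` guards only against a NULL pointer, while the commit message describes the window as already destroyed; nothing visible in these hunks resets g_wnd_assistant, so if the global is left dangling the check passes and GTK_WINDOW() still reads freed memory. The effective fix is `libreport_g_custom_logger = NULL;` in main(), and the guard only helps if the destroy path clears the global, for example by registering `g_object_add_weak_pointer(G_OBJECT(g_wnd_assistant), (gpointer *)&g_wnd_assistant);` where the window is created (outside this hunk, to be confirmed). g_return_if_fail() is also compiled out when the code is built with G_DISABLE_CHECKS, and it discards `msg` when it fires, so an explicit `if (g_wnd_assistant == NULL) { fputs(msg, stderr); return; }` would keep both the check and the error text. The body of show_error_as_msgbox() continues past the end of the hunk.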
@@ -0,0 +1,40 @@
+From 41b6477bdeaa82c647db2f1c2ba1132c77b365ed Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C4=9Bj=20Grabovsk=C3=BD?=
+Date: Tue, 29 Sep 2020 14:43:15 +0200
+Subject: [PATCH 2/2] event_config: Null autofree pointers before returning
+
+The pointers to strings in the function check_problem_rating_usability()
+need to be nullified before the function returns as they are declared
+for auto-cleanup.
+
+This change fixes a double-free condition in which the returned strings
+were attempted to be freed again in the caller,
+is_backtrace_rating_usable().
+
+Bug was introduced in 05e9c9273.
+
+Resolves rhbz#1883410
+---
+ src/lib/event_config.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/lib/event_config.c b/src/lib/event_config.c
+index c8053b7c..01e91efe 100644
+--- a/src/lib/event_config.c
++++ b/src/lib/event_config.c
+@@ -541,10 +541,10 @@ bool check_problem_rating_usability(const event_config_t *cfg,
+
+ finish:
+ if (description)
+- *description = tmp_desc;
++ *description = g_steal_pointer(&tmp_desc);
+
+ if (detail)
+- *detail = tmp_detail;
++ *detail = g_steal_pointer(&tmp_detail);
+
+ return result;
+ }
+--
+2.26.2
+
diff --git a/libreport.spec b/libreport.spec
index 2d609f8..27d2948 100644
--- a/libreport.spec
+++ b/libreport.spec
@@ -15,7 +15,7 @@ Summary: Generic library for reporting various problems Name: libreport Version: 2.14.0 -Release: 9%{?dist} +Release: 10%{?dist} License: GPLv2+ URL: https://abrt.readthedocs.org/ Source: https://github.com/abrt/%{name}/archive/%{version}/%{name}-%{version}.tar.gz
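Review bot: The two g_steal_pointer() assignments under `finish:` in the event_config.c hunk hand ownership of the strings to the caller, but nothing visible in the hunk records that contract, and the double free being fixed came from both sides freeing the same strings. A comment above the assignments such as `/* Ownership moves to the caller, who must g_free() *description and *detail. */` would state it at the point of transfer; the doc comment of check_problem_rating_usability(), which is outside this hunk, should say the same. The declarations of tmp_desc and tmp_detail are also outside the hunk; they are presumably `g_autofree` and need to be initialised to NULL so that every `goto finish` path gives the cleanup handler a valid pointer, which is worth confirming.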
@@ -24,6 +24,8 @@ Patch0: 0001-gui-wizard-gtk-wizard-Remove-variable.patch Patch1: 0002-gui-wizard-gtk-wizard-Fix-invalid-memory-read.patch Patch2: 0003-gui-wizard-gtk-Fix-a-double-free-condition.patch Patch3: 0004-gui-wizard-gtk-Fix-a-segfault-and-memory-leak.patch +Patch4: 0005-gui-wizard-gtk-Fix-segfault.patch +Patch5: 0006-event_config-Null-autofree-pointers-before-returning.patch BuildRequires: %{dbus_devel} BuildRequires: gtk3-devel @@ -664,6 +666,10 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : %endif %changelog +* Tue Sep 29 2020 Matěj Grabovský - 2.14.0-10 +- Add fix for https://bugzilla.redhat.com/show_bug.cgi?id=1883337 +- Add fix for https://bugzilla.redhat.com/show_bug.cgi?id=1883410 + * Sun Sep 27 2020 Matěj Grabovský - 2.14.0-9 - Add upstream fixes for memory management