libreport/0002-gui-wizard-gtk-wizard-Fix-invalid-memory-read.patch

From 85b687098bcedb67285ab787b8bd506d328c34e0 Mon Sep 17 00:00:00 2001
From: Ernestas Kulik <ekulik@redhat.com>
Date: Tue, 25 Aug 2020 15:17:54 +0300
Subject: [PATCH] gui-wizard-gtk: wizard: Fix invalid memory read
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This partially reverts 7aba6e53bbfeedaacd95bbaa5e0c5e325a3e6a8d, which
results in “event” being inappropriately freed before a “goto” statement
is executed and the value stored in “g_event_selected” is read.
---
 src/gui-wizard-gtk/wizard.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/gui-wizard-gtk/wizard.c b/src/gui-wizard-gtk/wizard.c
index a4d7caa0..3e69a513 100644
--- a/src/gui-wizard-gtk/wizard.c
+++ b/src/gui-wizard-gtk/wizard.c
@@ -2635,7 +2635,7 @@ static gint select_next_page_no(gint current_page_no)
 
         log_info("%s: Looking for next event to process", __func__);
         /* (note: this frees and sets to NULL g_event_selected) */
-        g_autofree char *event = setup_next_processed_event(&g_auto_event_list);
+        char *event = setup_next_processed_event(&g_auto_event_list);
         if (!event)
         {
             current_page_no = PAGENO_EVENT_PROGRESS - 1;
@@ -2644,6 +2644,8 @@ static gint select_next_page_no(gint current_page_no)
 
         if (!get_sensitive_data_permission(event))
         {
+            free(event);
+
             cancel_processing(g_lbl_event_log, /* default message */ NULL, TERMINATE_NOFLAGS);
             current_page_no = PAGENO_EVENT_PROGRESS - 1;
             goto again;
@@ -2659,6 +2661,8 @@ static gint select_next_page_no(gint current_page_no)
 
             if (libreport_get_global_stop_on_not_reportable())
             {
+                free(event);
+
                 cancel_processing(g_lbl_event_log, msg, TERMINATE_NOFLAGS);
                 current_page_no = PAGENO_EVENT_PROGRESS - 1;
                 goto again;
-- 
2.28.0