62a7e24c27
This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/libreport.git#4eeb8e1577a388094f992f5eacaf7b31a6a8ac04
49 lines
1.4 KiB
Diff
49 lines
1.4 KiB
Diff
From 9cdf0f9123ee39c7cb32a276371b2fd95f0df5ac Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Mat=C4=9Bj=20Grabovsk=C3=BD?= <mgrabovs@redhat.com>
|
|
Date: Mon, 2 Nov 2020 11:45:23 +0100
|
|
Subject: [PATCH] rhbz: Fix a double-free condition
|
|
|
|
The `cc` string must not be freed after the variable goes out of scope
|
|
since it's appended to `cc_list`. (`g_list_append()` does not copy its
|
|
input.) We only need to free the last string in the loop, which is an
|
|
empty string.
|
|
|
|
The bug was introduced in 7aba6e53.
|
|
|
|
Resolves rhbz#1893595
|
|
---
|
|
src/plugins/rhbz.c | 8 +++++---
|
|
1 file changed, 5 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/src/plugins/rhbz.c b/src/plugins/rhbz.c
|
|
index 8a2ded79..e0d7a091 100644
|
|
--- a/src/plugins/rhbz.c
|
|
+++ b/src/plugins/rhbz.c
|
|
@@ -406,18 +406,20 @@ GList *rhbz_bug_cc(xmlrpc_value* result_xml)
|
|
if (!item)
|
|
continue;
|
|
|
|
- g_autofree const char* cc = NULL;
|
|
- xmlrpc_read_string(&env, item, &cc);
|
|
+ char *cc = NULL;
|
|
+ xmlrpc_read_string(&env, item, (const char **)&cc);
|
|
xmlrpc_DECREF(item);
|
|
if (env.fault_occurred)
|
|
abrt_xmlrpc_die(&env);
|
|
|
|
if (*cc != '\0')
|
|
{
|
|
- cc_list = g_list_append(cc_list, (char*)cc);
|
|
+ cc_list = g_list_append(cc_list, cc);
|
|
log_debug("member on cc is %s", cc);
|
|
continue;
|
|
}
|
|
+
|
|
+ free(cc);
|
|
}
|
|
xmlrpc_DECREF(cc_member);
|
|
return cc_list;
|
|
--
|
|
2.26.2
|
|
|