Ticket #4616 (closed defect: fixed)
[PATCH] (tar.c) fix double free
| Reported by: | and | Owned by: | andrew_b |
|---|---|---|---|
| Priority: | major | Milestone: | 4.8.33 |
| Component: | mc-vfs | Version: | master |
| Keywords: | Cc: | ||
| Blocked By: | Blocking: | ||
| Branch state: | merged | Votes for changeset: | committed-master |
Description
When tar data block unexpected end then header_copy get freed but goto ret: freed header_copy again.
Save header_copy pointer AFTER successful tar data block handling.
Found by Clang-19 Static Analyzer
Attachments
Change History
comment:1 Changed 4 weeks ago by andrew_b
- Status changed from new to accepted
- Owner set to andrew_b
- Component changed from mc-core to mc-vfs
- Branch state changed from no branch to on review
- Milestone changed from Future Releases to 4.8.33
Thanks for the reporting this bug. But I'd like to keep the tar VFS code in sync with GNU tar as much as possible. Another solution is get rid of g_free (header_copy) in the loop.
Branch: 4616_tar_double_free
changeset:152362bcb1586203a961622d069ce1007cf5222e
comment:2 Changed 4 weeks ago by zaytsev
- Votes for changeset set to zaytsev
- Branch state changed from on review to approved
Hmmm, yes, I also thought as much.
comment:3 Changed 4 weeks ago by andrew_b
- Status changed from accepted to testing
- Votes for changeset changed from zaytsev to committed-master
- Resolution set to fixed
- Branch state changed from approved to merged
Merged to master: [0df9c46cd16cec4ab54a03f269d85c519f7260c5].
Note: See
TracTickets for help on using
tickets.
