Ticket #4616 (closed defect: fixed)

Opened 10 days ago

Last modified 5 days ago

[PATCH] (tar.c) fix double free

Reported by: and
Owned by: andrew_b
Priority: major
Milestone: 4.8.33
Component: mc-vfs
Version: master
Keywords:
Cc:
Blocked By:
Blocking:
Branch state: merged
Votes for changeset: committed-master

Description

When a tar data block ends unexpectedly, header_copy gets freed, but goto ret: frees header_copy again.
Save the header_copy pointer AFTER successful tar data block handling.

Found by Clang-19 Static Analyzer

Attachments

mc-4616-tar.c-fix-double-free.patch (1.8 KB) - added by and 10 days ago.

Change History

Changed 10 days ago by and

comment:1 Changed 5 days ago by andrew_b

  • Status changed from new to accepted
  • Owner set to andrew_b
  • Component changed from mc-core to mc-vfs
  • Branch state changed from no branch to on review
  • Milestone changed from Future Releases to 4.8.33

Thanks for reporting this bug. But I'd like to keep the tar VFS code in sync with GNU tar as much as possible. Another solution is to get rid of g_free (header_copy) in the loop.

Branch: 4616_tar_double_free
changeset:152362bcb1586203a961622d069ce1007cf5222e
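
The double free described in this ticket and the two fixes discussed (saving the pointer only after the data blocks were handled, or dropping the free inside the loop), as an added example that is neither mc's tar.c nor the attached patch. The names `read_header`, `saved`, `hdr_alloc` and `hdr_free` and the control flow are assumptions built from the ticket text; `hdr_free` stands in for g_free and counts a second release instead of performing it.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the ticket's description; none of this is mc's tar.c. */
enum variant { BUGGY, SAVE_AFTER_LOOP, NO_FREE_IN_LOOP };
static unsigned char pool[512];   /* static storage, so a stale pointer stays valid */
static bool in_use;               /* true while the buffer is allocated */
static int double_frees;          /* releases of an already released buffer */
static void *hdr_alloc(void) { in_use = true; return pool; }

static void hdr_free(void *p)     /* stands in for g_free(): NULL is a no-op */
{
    if (p == NULL) return;
    if (!in_use) double_frees++;  /* a real allocator would corrupt its heap here */
    in_use = false;
}

/* avail < needed models a data block that ends unexpectedly. */
static int read_header(enum variant v, int needed, int avail)
{
    void *header_copy = hdr_alloc();
    void *saved = (v == SAVE_AFTER_LOOP) ? NULL : header_copy;
    int status = 0;
    for (int i = 0; i < needed; i++)
        if (i >= avail) {
            if (v != NO_FREE_IN_LOOP)
                hdr_free(header_copy);   /* first release, on the error path */
            status = -1;
            goto ret;
        }
    saved = header_copy;                 /* save only after every block was read */
ret:
    hdr_free(saved);                     /* cleanup releases whatever was saved */
    return status;
}

/* Returns how many double frees a single call triggers. */
static int double_frees_for(enum variant v, int needed, int avail)
{
    double_frees = 0;
    read_header(v, needed, avail);
    return double_frees;
}

int main(void)
{
    printf("%d %d %d\n", double_frees_for(BUGGY, 3, 1),
           double_frees_for(SAVE_AFTER_LOOP, 3, 1), double_frees_for(NO_FREE_IN_LOOP, 3, 1));
    return 0;
}
```

Both fixed variants leave exactly one release on every path; they differ only in which statement owns it.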

comment:2 Changed 5 days ago by zaytsev

  • Votes for changeset set to zaytsev
  • Branch state changed from on review to approved

Hmmm, yes, I also thought as much.

comment:3 Changed 5 days ago by andrew_b

  • Status changed from accepted to testing
  • Votes for changeset changed from zaytsev to committed-master
  • Resolution set to fixed
  • Branch state changed from approved to merged

comment:4 Changed 5 days ago by andrew_b

  • Status changed from testing to closed