[dpkg] 121/187: libdpkg: Fix free() on uninitialized pointer in error_context_errmsg_format()

Reiner Herrmann reiner at reiner-h.de
Sun Nov 6 12:46:32 UTC 2016


This is an automated email from the git hooks/post-receive script.

deki-guest pushed a commit to branch master
in repository dpkg.

commit 678fd0b6dc195f48779fda72b0eb97d68c85e7ac
Author: Guillem Jover <guillem at debian.org>
Date:   Sat Sep 3 05:20:38 2016 +0200

    libdpkg: Fix free() on uninitialized pointer in error_context_errmsg_format()
    
    When erroring out inside a recursive error handler the error context
    errmsg field was not initialized, which meant that a free() was being
    done on a garbage pointer, crashing the program.
    
    Regression introduced in commit 4e1e0e78412060de420d2fa7f8a24231d6eff9bb.
---
 debian/changelog   | 2 ++
 lib/dpkg/ehandle.c | 3 +--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 86188cd..2c479ab 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -38,6 +38,8 @@ dpkg (1.18.11) UNRELEASED; urgency=medium
     gets truncated. In case we have to use the emergency buffer because the
     previous vasprintf() call failed, we should only return an error code if
     the vsnprintf() call on the emergency buffer truncates the output.
+  * Fix free() on uninitialized pointer in error_context_errmsg_format() in
+    libdpkg. Regression introduced in dpkg 1.18.7. Closes: #842004
   * Architecture support:
     - Add support for AIX operating system.
   * Portability:
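Review bot: the added changelog entry says where the bad free() happens but not when it triggers. Someone matching a crash against the changelog would be helped by the condition from the commit message, for example appending "when erroring out inside a recursive error handler" to the entry. The entry also names error_context_errmsg_format() while the code change sits in run_cleanups(), so mentioning the recursive handler would connect the two.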
diff --git a/lib/dpkg/ehandle.c b/lib/dpkg/ehandle.c
index e59b7b3..f21fb07 100644
--- a/lib/dpkg/ehandle.c
+++ b/lib/dpkg/ehandle.c
@@ -280,8 +280,7 @@ run_cleanups(struct error_context *econ, int flagsetin)
         if (setjmp(recurse_jump)) {
           run_cleanups(&recurserr, ehflag_bombout | ehflag_recursiveerror);
         } else {
-          recurserr.cleanups= NULL;
-          recurserr.next= NULL;
+          memset(&recurserr, 0, sizeof(recurserr));
           set_error_printer(&recurserr, print_cleanup_error, NULL);
           set_jump_handler(&recurserr, &recurse_jump);
           econtext= &recurserr;
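Review bot: the memset() on the added line in run_cleanups() carries no comment saying why the whole struct is zeroed, and the two removed per-field assignments show how a field gets missed when each one is set by hand. A short comment above it, stating that every field of recurserr (errmsg included) must start out zeroed because the error path may free() it, would keep a later cleanup from reverting to per-field initialisation. It is also worth confirming that lib/dpkg/ehandle.c already includes <string.h>, since this diff adds no include for memset().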

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git


