From 0983d0a55701c490f21fc741068c7a09c99a4aa9 Mon Sep 17 00:00:00 2001
From: Michal Domonkos <mdomonko@redhat.com>
Date: Thu, 16 May 2024 12:37:57 +0200
Subject: [PATCH] Fix potential double-free in test3.c
The pointer to newargv passed to poptParseArgvString() may not be
assigned to in case of an error, and it still may contain an address to
already freed memory from the previous for loop iteration.
To fix, add a return value check, similar to the one above it for the
out pointer.
Found by a static analyzer.
---
tests/test3.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/tests/test3.c b/tests/test3.c
|
|
index aa91167a..f1ee7774 100644
|
|
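--- a/tests/test3.c
+++ b/tests/test3.c
@@ -30,7 +30,11 @@ int main (int argc, char **argv) {
 
  printf ("single string: '%s'\n", out);
 
- poptParseArgvString (out, &newargc, &newargv);
+ ret = poptParseArgvString (out, &newargc, &newargv);
+ if (ret != 0) {
+ printf ("cannot parse %s. ret=%d\n", out, ret);
+ continue;
+ }
 
  printf ("popt array: size=%d\n", newargc);
  for (j = 0; j < newargc; j++)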
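Review bot: The new `continue;` in the `ret != 0` branch leaves the iteration before any cleanup at the bottom of the loop, so `out`, which was already produced and printed just above, is probably leaked on this path, along with whatever input handle this iteration opened. The loop's tail is outside the hunk, so this is inferred from the commit message, which says newargv is freed once per iteration; if `out` is released there as well, free it (and close the input) before `continue;`. Separately, the double free is avoided here only because every caller now checks the return value; adding `newargv = NULL;` right after the existing free at the end of the loop would make a stale pointer harmless even if a later edit drops the check.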
|