diff --git a/Avoid-double-free-on-deinit_thermal.patch b/Avoid-double-free-on-deinit_thermal.patch
new file mode 100644
index 0000000..0fe4616
--- /dev/null
+++ b/Avoid-double-free-on-deinit_thermal.patch
@@ -0,0 +1,41 @@
+From b25b1f92ca88aa9f268c93d0d7f66efc0ebf840b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Dirk=20M=C3=BCller?=
+Date: Tue, 25 Oct 2022 23:33:14 +0200
+Subject: [PATCH] Avoid double free on deinit_thermal()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+init_thermal() calls deinit_thermal() on error condition,
+as well as main() calls deinit_thermal() again, causing
+a double-free.
+
+Signed-off-by: Dirk Müller
+---
+ thermal.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/thermal.c b/thermal.c
+index 64a9cdf..1d44104 100644
+--- a/thermal.c
++++ b/thermal.c
+@@ -506,8 +506,14 @@ static gboolean set_netlink_nonblocking(void)
+
+ void deinit_thermal(void)
+ {
+- nl_cb_put(callback);
+- nl_socket_free(sock);
++ if (callback) {
++ nl_cb_put(callback);
++ callback = NULL;
++ }
++ if (sock) {
++ nl_socket_free(sock);
++ sock = NULL;
++ }
+ }
+
+ /*
+--
+2.38.0
+
diff --git a/double-free.patch b/double-free.patch
new file mode 100644
index 0000000..4f9b989
--- /dev/null
+++ b/double-free.patch
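Review bot: The guards added to deinit_thermal() in the thermal.c hunk only make a second call harmless if `callback` and `sock` are NULL before init_thermal() allocates them and no other path releases them without clearing the pointer. Their definitions and init_thermal() lie outside this hunk, so that should be confirmed against the full file. The reset to NULL is what actually prevents the double free described in the message, so the contract deserves a comment above the function, for example `/* Idempotent: reached from init_thermal()'s error path and again from main(). */`. A test build with AddressSanitizer that forces init_thermal() to fail would confirm the second call is now a no-op.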
@@ -0,0 +1,65 @@
+From 33c857d17b9af8a8a4dd785b8d511ba1f5d0bd88 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Dirk=20M=C3=BCller?=
+Date: Tue, 18 Oct 2022 23:08:31 +0200
+Subject: [PATCH] Avoid uninitialized read
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+irq_info struct is initialized on stack so the members need to
+be initalized to avoid a crash on uninitialized pointer dereference.
+
+Signed-off-by: Dirk Müller
+---
+ classify.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+Index: irqbalance-1.9.1/classify.c
+===================================================================
+--- irqbalance-1.9.1.orig/classify.c
++++ irqbalance-1.9.1/classify.c
+@@ -259,7 +259,7 @@ static gint compare_ints(gconstpointer a
+
+ static void __add_banned_irq(int irq, GList **list)
+ {
+- struct irq_info find, *new;
++ struct irq_info find = {0}, *new;
+ GList *entry;
+
+ find.irq = irq;
+@@ -394,7 +394,7 @@ get_numa_node:
+
+ void remove_one_irq_from_db(int irq)
+ {
+- struct irq_info find, *tmp;
++ struct irq_info find = {0}, *tmp;
+ GList *entry = NULL;
+
+ find.irq = irq;
+@@ -646,7 +646,7 @@ static void build_one_dev_entry(const ch
+ struct dirent *entry;
+ DIR *msidir;
+ int irqnum;
+- struct irq_info hint;
++ struct irq_info hint = {0};
+ char path[PATH_MAX];
+ char devpath[PATH_MAX];
+
+@@ -818,7 +818,7 @@ void for_each_irq(GList *list, void (*cb
+ struct irq_info *get_irq_info(int irq)
+ {
+ GList *entry;
+- struct irq_info find;
++ struct irq_info find = {0};
+
+ find.irq = irq;
+ entry = g_list_find_custom(interrupts_db, &find, compare_ints);
+@@ -832,7 +832,7 @@ struct irq_info *get_irq_info(int irq)
+ void migrate_irq(GList **from, GList **to, struct irq_info *info)
+ {
+ GList *entry;
+- struct irq_info find, *tmp;
++ struct irq_info find = {0}, *tmp;
+
+ find.irq = info->irq;
+ entry = g_list_find_custom(*from, &find, compare_ints);
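Review bot: The file added here is named double-free.patch, yet its Subject is "Avoid uninitialized read" and it carries the `= {0}` initialisers for classify.c, which looks like the same fix the spec already applies as `Patch2: uninitialized.patch`. The irqbalance.spec hunk in this commit adds only `Patch3: Avoid-double-free-on-deinit_thermal.patch`, and the .changes entry names only that patch, so as far as the visible lines show double-free.patch is shipped but never applied. Either drop the file or, if it is meant to be applied, give it a name matching its content plus its own `PatchN:` line and changelog entry. Otherwise anyone auditing the package for the bsc#1204607 fix can be misled by the filename.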
diff --git a/irqbalance.changes b/irqbalance.changes index 6ba4176..7afc14f 100644 --- a/irqbalance.changes +++ b/irqbalance.changes @@ -2,6 +2,7 @@ Tue Oct 25 21:09:07 UTC 2022 - Dirk Müller - run tests +- add Avoid-double-free-on-deinit_thermal.patch (bsc#1204607) ------------------------------------------------------------------- Tue Oct 18 21:15:49 UTC 2022 - Dirk Müller diff --git a/irqbalance.spec b/irqbalance.spec index 3e583fa..fd800af 100644 --- a/irqbalance.spec +++ b/irqbalance.spec @@ -31,6 +31,8 @@ Source: https://github.com/Irqbalance/irqbalance/archive/refs/tags/v%{ve Source3: sysconfig.irqbalance Patch1: Set-fd-limit.patch Patch2: uninitialized.patch +# https://github.com/Irqbalance/irqbalance/pull/243 +Patch3: Avoid-double-free-on-deinit_thermal.patch BuildRequires: libcap-ng-devel BuildRequires: libtool BuildRequires: ncurses-devel