26 lines
673 B
Diff
26 lines
673 B
Diff
|
commit a09d9519a57e84d8e2ad592fbba09e8a9faf55f8
|
||
|
Author: Wolfgang Frisch <wolfgang.frisch@suse.com>
|
||
|
Date: Tue Jul 30 14:17:32 2024 +0200
|
||
|
|
||
|
Fix double-free/OOB read in pch.c (CVE-2019-20633)
|
||
|
|
||
|
see also: https://savannah.gnu.org/bugs/index.php?56683#comment1
|
||
|
|
||
|
diff --git a/src/pch.c b/src/pch.c
|
||
|
index fd9c480..57c76de 100644
|
||
|
--- a/src/pch.c
|
||
|
+++ b/src/pch.c
|
||
|
@@ -1183,8 +1183,11 @@ another_hunk (enum diff difftype, bool rev)
|
||
|
while (p_end >= 0) {
|
||
|
if (p_end == p_efake)
|
||
|
p_end = p_bfake; /* don't free twice */
|
||
|
- else
|
||
|
+ else {
|
||
|
free(p_line[p_end]);
|
||
|
+ p_line[p_end] = NULL;
|
||
|
+ p_len[p_end] = 0;
|
||
|
+ }
|
||
|
p_end--;
|
||
|
}
|
||
|
assert(p_end == -1);
|