commit a09d9519a57e84d8e2ad592fbba09e8a9faf55f8 Author: Wolfgang Frisch Date: Tue Jul 30 14:17:32 2024 +0200 Fix double-free/OOB read in pch.c (CVE-2019-20633) see also: https://savannah.gnu.org/bugs/index.php?56683#comment1
diff --git a/src/pch.c b/src/pch.c
index fd9c480..57c76de 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -1183,8 +1183,11 @@ another_hunk (enum diff difftype, bool rev)
 while (p_end >= 0) {
 if (p_end == p_efake)
 p_end = p_bfake; /* don't free twice */
- else
+ else {
 free(p_line[p_end]);
+ p_line[p_end] = NULL;
+ p_len[p_end] = 0;
+ }
 p_end--;
 }
 assert(p_end == -1);
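Review bot: The `p_end == p_efake` branch still jumps to `p_bfake` without clearing anything, so the slots from `p_efake` down to `p_bfake` keep their old `p_line` pointers and non-zero `p_len` values after the loop. Going by the "don't free twice" comment, those pointers alias lines that the else branch has just freed, so they are left dangling while only the freed slots are reset. Whether a later pass can reach those indices depends on how `p_efake`/`p_bfake` are reset, which happens outside this hunk, so treat this as a point to confirm rather than a proven defect. Consider clearing the skipped range in that branch as well, and document the intent on the new lines, e.g. `/* reset the slot so a later pass cannot free or read it again */`. The loop is part of `another_hunk`, whose body starts and ends outside the hunk.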