26 lines
720 B
Diff
26 lines
720 B
Diff
commit a09d9519a57e84d8e2ad592fbba09e8a9faf55f8
|
|
Author: Wolfgang Frisch <wolfgang.frisch@suse.com>
|
|
Date: Tue Jul 30 14:17:32 2024 +0200
|
|
|
|
Fix double-free/OOB read in pch.c (CVE-2019-20633)
|
|
|
|
see also: https://savannah.gnu.org/bugs/index.php?56683#comment1
|
|
|
|
Index: patch-2.8/src/pch.c
|
|
===================================================================
|
|
--- patch-2.8.orig/src/pch.c
|
|
+++ patch-2.8/src/pch.c
|
|
@@ -1200,8 +1200,11 @@ another_hunk (enum diff difftype, bool r
|
|
while (p_end >= 0) {
|
|
if (p_end == p_efake)
|
|
p_end = p_bfake; /* don't free twice */
|
|
- else
|
|
+ else {
|
|
free(p_line[p_end]);
|
|
+ p_line[p_end] = NULL;
|
|
+ p_len[p_end] = 0;
|
|
+ }
|
|
p_end--;
|
|
}
|
|
assert (p_end < 0);
|