[PATCH] zstd: prevent potential free() of uninitialized memory
Augie Fackler
raf at durin42.com
Tue Jan 17 15:35:11 EST 2017
On Tue, Jan 17, 2017 at 10:20:50AM -0800, Gregory Szorc wrote:
> # HG changeset patch
> # User Gregory Szorc <gregory.szorc at gmail.com>
> # Date 1484677033 28800
> # Tue Jan 17 10:17:13 2017 -0800
> # Node ID 29baf7787b317b2aa8e5393126d7feeb1fa0d8bb
> # Parent 923336cf8b8afdb41746ecef8a39d773bd5538bf
> zstd: prevent potential free() of uninitialized memory
Seems righteous enough. Queued.
>
> This is a cherry pick of an upstream fix. The free() of uninitialed
> memory could likely only occur if a malloc() inside zstd fails.
>
> The patched functions aren't currently used by Mercurial. But I don't
> like leaving footguns sitting around.
>
> diff --git a/contrib/python-zstandard/c-ext/compressor.c b/contrib/python-zstandard/c-ext/compressor.c
> --- a/contrib/python-zstandard/c-ext/compressor.c
> +++ b/contrib/python-zstandard/c-ext/compressor.c
> @@ -258,6 +258,9 @@ static PyObject* ZstdCompressor_copy_str
> return NULL;
> }
>
> + /* Prevent free on uninitialized memory in finally. */
> + output.dst = NULL;
> +
> cstream = CStream_from_ZstdCompressor(self, sourceSize);
> if (!cstream) {
> res = NULL;
> diff --git a/contrib/python-zstandard/c-ext/decompressor.c b/contrib/python-zstandard/c-ext/decompressor.c
> --- a/contrib/python-zstandard/c-ext/decompressor.c
> +++ b/contrib/python-zstandard/c-ext/decompressor.c
> @@ -165,6 +165,9 @@ static PyObject* Decompressor_copy_strea
> return NULL;
> }
>
> + /* Prevent free on uninitialized memory in finally. */
> + output.dst = NULL;
> +
> dstream = DStream_from_ZstdDecompressor(self);
> if (!dstream) {
> res = NULL;
> _______________________________________________
> Mercurial-devel mailing list
> Mercurial-devel at mercurial-scm.org
> https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
More information about the Mercurial-devel
mailing list