[xmlrpc-c/f17] backported "Fix double free of memory with failed xmlrpc_parse_value()" patch
ensc
ensc at fedoraproject.org
Wed Jun 6 19:21:12 UTC 2012
commit 6b42c410d99761670a6c3264075c69fd0a86a605
Author: Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de>
Date: Wed Jun 6 21:20:48 2012 +0200
backported "Fix double free of memory with failed xmlrpc_parse_value()" patch
fix-double-free.patch | 105 +++++++++++++++++++++++++++++++++++++++++++++++++
xmlrpc-c.spec | 8 +++-
2 files changed, 112 insertions(+), 1 deletions(-)
---
diff --git a/fix-double-free.patch b/fix-double-free.patch
new file mode 100644
index 0000000..e0f8ab0
--- /dev/null
+++ b/fix-double-free.patch
@@ -0,0 +1,105 @@
+commit dc129ae656085855cf126e81183001a5c50fdd77
+Author: giraffedata <giraffedata at adbb7d4b-a73a-0410-a071-c5f57c452bd4>
+Date: Sat May 26 21:00:19 2012 +0000
+
+ Fix double free of memory with failed xmlrpc_parse_value()
+
+ git-svn-id: https://xmlrpc-c.svn.sourceforge.net/svnroot/xmlrpc-c/trunk@2327 adbb7d4b-a73a-0410-a071-c5f57c452bd4
+
+diff --git a/src/xmlrpc_decompose.c b/src/xmlrpc_decompose.c
+index 6323a26..4a77426 100644
+--- a/src/xmlrpc_decompose.c
++++ b/src/xmlrpc_decompose.c
+@@ -165,37 +165,33 @@ struct decompTreeNode {
+
+ /* prototype for recursive calls */
+ static void
+-releaseDecomposition(const struct decompTreeNode * const decompRootP,
+- bool const oldstyleMemMgmt);
++releaseDecomposition(const struct decompTreeNode * const decompRootP);
+
+
+ static void
+-releaseDecompArray(struct arrayDecomp const arrayDecomp,
+- bool const oldstyleMemMgmt) {
++releaseDecompArray(struct arrayDecomp const arrayDecomp) {
+
+ unsigned int i;
+ for (i = 0; i < arrayDecomp.itemCnt; ++i) {
+- releaseDecomposition(arrayDecomp.itemArray[i], oldstyleMemMgmt);
++ releaseDecomposition(arrayDecomp.itemArray[i]);
+ }
+ }
+
+
++
+ static void
+-releaseDecompStruct(struct structDecomp const structDecomp,
+- bool const oldstyleMemMgmt) {
++releaseDecompStruct(struct structDecomp const structDecomp) {
+
+ unsigned int i;
+ for (i = 0; i < structDecomp.mbrCnt; ++i) {
+- releaseDecomposition(structDecomp.mbrArray[i].decompTreeP,
+- oldstyleMemMgmt);
++ releaseDecomposition(structDecomp.mbrArray[i].decompTreeP);
+ }
+ }
+
+
+
+ static void
+-releaseDecomposition(const struct decompTreeNode * const decompRootP,
+- bool const oldstyleMemMgmt) {
++releaseDecomposition(const struct decompTreeNode * const decompRootP) {
+ /*----------------------------------------------------------------------------
+ Assuming that Caller has decomposed something according to 'decompRootP',
+ release whatever resources the decomposed information occupies.
+@@ -236,10 +232,10 @@ releaseDecomposition(const struct decompTreeNode * const decompRootP,
+ xmlrpc_DECREF(*decompRootP->store.TstructVal.valueP);
+ break;
+ case '(':
+- releaseDecompArray(decompRootP->store.Tarray, oldstyleMemMgmt);
++ releaseDecompArray(decompRootP->store.Tarray);
+ break;
+ case '{':
+- releaseDecompStruct(decompRootP->store.Tstruct, oldstyleMemMgmt);
++ releaseDecompStruct(decompRootP->store.Tstruct);
+ break;
+ }
+ }
+@@ -310,11 +306,12 @@ parsearray(xmlrpc_env * const envP,
+ }
+ }
+ if (envP->fault_occurred) {
+- /* Release the items we completed before we failed. */
+- unsigned int i;
+- for (i = 0; i < doneCnt; ++i)
+- releaseDecomposition(arrayDecomp.itemArray[i],
+- oldstyleMemMgmt);
++ if (!oldstyleMemMgmt) {
++ /* Release the items we completed before we failed. */
++ unsigned int i;
++ for (i = 0; i < doneCnt; ++i)
++ releaseDecomposition(arrayDecomp.itemArray[i]);
++ }
+ }
+ }
+ }
+@@ -351,10 +348,12 @@ parsestruct(xmlrpc_env * const envP,
+ }
+
+ if (envP->fault_occurred) {
+- unsigned int i;
+- for (i = 0; i < doneCount; ++i)
+- releaseDecomposition(structDecomp.mbrArray[i].decompTreeP,
+- oldstyleMemMgmt);
++ if (!oldstyleMemMgmt) {
++ /* Release the items we completed before we failed. */
++ unsigned int i;
++ for (i = 0; i < doneCount; ++i)
++ releaseDecomposition(structDecomp.mbrArray[i].decompTreeP);
++ }
+ }
+ }
+
diff --git a/xmlrpc-c.spec b/xmlrpc-c.spec
index 41340b6..6f7cac1 100644
--- a/xmlrpc-c.spec
+++ b/xmlrpc-c.spec
@@ -6,7 +6,7 @@
Summary: A lightweight RPC library based on XML and HTTP
Name: xmlrpc-c
Version: 1.29.3
-Release: %release_func 1704.svn%svnrev
+Release: %release_func 1705.svn%svnrev
# See COPYING for details.
# The Python 1.5.2 license used by a few files is just BSD.
License: BSD and MIT
@@ -23,6 +23,7 @@ Source101: dso-fixup
Patch1: curl-uninit-auth.patch
Patch2: ipv6-parse.patch
+Patch3: fix-double-free.patch
Patch100: xmlrpc-c-cmake.patch
Patch102: xmlrpc-c-printf-size_t.patch
@@ -115,6 +116,7 @@ This package contains some handy XML-RPC demo applications.
%setup -q
%patch1 -p1
%patch2 -p1
+%patch3 -p1
%patch100 -p1
%patch102 -p1
%patch105 -p1
@@ -240,6 +242,10 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Wed Jun 6 2012 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 1.29.3-1705.svn2290
+- backported "Fix double free of memory with failed xmlrpc_parse_value()"
+ patch
+
* Sat May 26 2012 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 1.29.3-1704.svn2290
- backported IPv6 server related patch
More information about the scm-commits
mailing list