0004-attrstack_drop-Properly-drop-the-last-stack-element.patch @debian/0.21.5-3+deb8u1

From: Fabian Keil <fk@fabiankeil.de>
Date: Thu, 4 Dec 2014 18:15:29 +0100
Subject: attrstack_drop(): Properly drop the last stack element

Previously stack_of_stacks_top would point to free'd memory,
resulting in:

==38960== Invalid read of size 4
==38960==    at 0x402853: attr_get_param (attr.c:355)
==38960==    by 0x40818A: word_print_core (convert.c:3412)
==38960==    by 0x406DBC: word_print (convert.c:3451)
==38960==    by 0x40CA27: main (main.c:267)
==38960==  Address 0x1e065e0 is 90,000 bytes inside a block of size 90,016 free'd
==38960==    at 0x1068498: free (in /usr/local/lib/valgrind/vgpreload_memcheck-amd64-freebsd.so)
==38960==    by 0x40CBD3: my_free (malloc.c:91)
==38960==    by 0x402E8C: attrstack_drop (attr.c:582)
==38960==    by 0x40812F: word_print_core (convert.c:3403)
==38960==    by 0x406DBC: word_print (convert.c:3451)
==38960==    by 0x40CA27: main (main.c:267)
==38960==
---
 src/attr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/attr.c b/src/attr.c
index bc19b6c..2c2552b 100644
--- a/src/attr.c
+++ b/src/attr.c
@@ -571,7 +571,7 @@ attrstack_drop ()
 	while(prev_stack && prev_stack->next && prev_stack->next != stack)
 		prev_stack = prev_stack->next;
 
-	if (prev_stack) {
+	if (prev_stack && (prev_stack != stack_of_stacks_top)) {
 		stack_of_stacks_top = prev_stack;
 		prev_stack->next = NULL;
 	} else {
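
Review bot: the new test on the `if (prev_stack && (prev_stack != stack_of_stacks_top))` line compares against the global `stack_of_stacks_top`, while the loop directly above it searches for the local `stack`. Comparing against `stack` would tie the check to the element the loop was looking for and keep it right if the two ever differ. The case being caught is the one where `prev_stack` is itself the element being dropped (the last remaining element, per the subject line), so a one-line comment saying that would help the next reader. The `else` body is outside the visible context, so it is worth confirming that it resets every pointer that could still reference the block freed in the valgrind trace, not only `stack_of_stacks_top`.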