michal-grzedzicki / rpms / rpm

Forked from rpms/rpm 4 months ago
c5168f Fix use-after-free error in hashtab.c

Authored and Committed by Michal Domonkos 3 years ago
    Fix use-after-free error in hashtab.c
    
    This file has been completely removed upstream in the meantime (as part
    of the debuginfo tooling split off in commit 04b0805) so this patch will
    only be carried downstream.
    
    The issue here was that htab->entries would be freed at the end of
    htab_expand() if the htab->return_allocation_failure toggle was 0, and
    later accessed in the calling function(s).
    
    In reality, though, the toggle is initialized to 1 and never turned off
    in the current implementation, but let's future-proof ourselves in case
    we inadvertently turn it off in a future patch.
    
    Found by Coverity.
    
    Related: #1938861
    
        
file modified
+3 -0