mrc0mmand / rpms / libguestfs

Forked from rpms/libguestfs 3 years ago

Blame SOURCES/0014-options-Fix-segfault-when-multiple-key-parameters-gi.patch

56089c
From a3b5f37553d569a5abd9ebcde05ea4c45cc52f50 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 12 Nov 2019 18:15:44 +0000
Subject: [PATCH] options: Fix segfault when multiple --key parameters given.

Easily reproducible using:

  $ guestfish --key dev1:key:key1 --key dev2:key:key2

causing this stack trace (or others depending on where the memory
corruption was caught):

  Program received signal SIGABRT, Aborted.
  0x00007ffff7905625 in raise () from /lib64/libc.so.6
  (gdb) bt
  #0  0x00007ffff7905625 in raise () from /lib64/libc.so.6
  #1  0x00007ffff78ee8d9 in abort () from /lib64/libc.so.6
  #2  0x00007ffff79494af in __libc_message () from /lib64/libc.so.6
  #3  0x00007ffff7950a6c in malloc_printerr () from /lib64/libc.so.6
  #4  0x00007ffff79528d0 in _int_free () from /lib64/libc.so.6
  #5  0x00005555555bdd6e in free_key_store ()
  #6  0x0000555555589027 in main ()
  (gdb) quit

(cherry picked from commit 8c42f772614b44a8cb974afa904ec9f518431ab2
in libguestfs-common)
---
 common/options/keys.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/common/options/keys.c b/common/options/keys.c
index 7f689866b..f783066ff 100644
--- a/common/options/keys.c
+++ b/common/options/keys.c
@@ -216,7 +216,8 @@ key_store_import_key (struct key_store *ks, const struct key_store_key *key)
   }
   assert (ks != NULL);
 
-  new_keys = realloc (ks->keys, sizeof (*ks->keys) + 1);
+  new_keys = realloc (ks->keys,
+                      (ks->nr_keys + 1) * sizeof (struct key_store_key));
   if (!new_keys)
     error (EXIT_FAILURE, errno, "realloc");
 
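Review bot: On the added `realloc` call, the element size is spelled `sizeof (struct key_store_key)` where the removed line used `sizeof (*ks->keys)`; deriving the size from the pointer, as in `(ks->nr_keys + 1) * sizeof *ks->keys`, keeps the allocation correct if the array's element type ever changes. The product `(ks->nr_keys + 1) * sizeof (...)` is also computed without an overflow check, so consider an explicit bound on `ks->nr_keys` before the multiplication or an overflow-checking allocator such as `reallocarray` where available. The commit message would benefit from one sentence stating the root cause visible in the removed line: the old expression requested one element's size plus one byte regardless of `ks->nr_keys`, so the second `--key` wrote past the end of the buffer. The diffstat shows only `common/options/keys.c` changed; a regression test running the two-`--key` reproducer from the commit message would guard against this returning.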
-- 
2.21.0