From 218fae52ddf22c641789729b6c2af54ea7031cba Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 12 Nov 2019 18:15:44 +0000
Subject: [PATCH] options: Fix segfault when multiple --key parameters given.
Easily reproducible using:
$ guestfish --key dev1:key:key1 --key dev2:key:key2
causing this stack trace (or others depending on where the memory
corruption was caught):
Program received signal SIGABRT, Aborted.
0x00007ffff7905625 in raise () from /lib64/libc.so.6
(gdb) bt
#0 0x00007ffff7905625 in raise () from /lib64/libc.so.6
#1 0x00007ffff78ee8d9 in abort () from /lib64/libc.so.6
#2 0x00007ffff79494af in __libc_message () from /lib64/libc.so.6
#3 0x00007ffff7950a6c in malloc_printerr () from /lib64/libc.so.6
#4 0x00007ffff79528d0 in _int_free () from /lib64/libc.so.6
#5 0x00005555555bdd6e in free_key_store ()
#6 0x0000555555589027 in main ()
(gdb) quit
(cherry picked from commit 8c42f772614b44a8cb974afa904ec9f518431ab2
in libguestfs-common)
---
common/options/keys.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/common/options/keys.c b/common/options/keys.c
index 7f689866b..f783066ff 100644
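--- a/common/options/keys.c
+++ b/common/options/keys.c
@@ -216,7 +216,8 @@ key_store_import_key (struct key_store *ks, const struct key_store_key *key)
 }
 assert (ks != NULL);
 
- new_keys = realloc (ks->keys, sizeof (*ks->keys) + 1);
+ new_keys = realloc (ks->keys,
+ (ks->nr_keys + 1) * sizeof (struct key_store_key));
 if (!new_keys)
 error (EXIT_FAILURE, errno, "realloc");
 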
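Review bot: The new size expression in the `realloc` call spells out `sizeof (struct key_store_key)` rather than taking the element size from the pointer, so the allocation and the array can drift apart again if the element type of `ks->keys` ever changes; `(ks->nr_keys + 1) * sizeof (*ks->keys)` keeps the two tied together. The multiplication is also unchecked, which is probably harmless while `nr_keys` only counts `--key` options, but assuming `nr_keys` is a `size_t`, a guard such as `if (ks->nr_keys >= SIZE_MAX / sizeof (*ks->keys)) error (EXIT_FAILURE, 0, "too many keys");` would make the bound explicit. The old undersized buffer was a heap out-of-bounds write that, per the backtrace in the commit message, only aborted later in `free_key_store`, so a regression test running the two-`--key` reproducer under valgrind or AddressSanitizer would catch a recurrence at the write instead of at exit. `key_store_import_key` starts and ends outside this hunk, so how the new element is stored after the `realloc` is not visible here.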
--
2.21.0