Fix double free in resolve.c:
There is possible double free when calling jevent_free_extra.
The memory is allocated in jevent_copy_extra. The gl_pathv in glob_t is an array of char pointers. The function copied the pointers, but not the strings they point to. Later when memory was freed with globfree in jevent_free_extra() it could cause double free and undefined behavior. Now the strings pointed in array are copied one by one.
Fix possible issue with providing null pointer to strdup in jevents.c.
If event description was missing in input JSON file, the desc variable was left as NULL in json_events(). It was later provided to strdup in collect_events(). Now the desc is initialized to default string if not found in JSON file.
Fix issue with conditional jump or move depends on uninitialised value. The issue was detected by valgrind.
Conditional jump or move depends on uninitialised value(s)
at 0x405B89: countchar (json.c:114)
by 0x405B89: json_line (json.c:123)
by 0x403675: json_events (jevents.c:268)
...
andikleen
commented
3 years ago
Fix double free in resolve.c: There is possible double free when calling
jevent_free_extra. The memory is allocated injevent_copy_extra. Thegl_pathvinglob_tis an array of char pointers. The function copied the pointers, but not the strings they point to. Later when memory was freed withglobfreeinjevent_free_extra()it could cause double free and undefined behavior. Now the strings pointed in array are copied one by one.Fix possible issue with providing null pointer to
strdupin jevents.c. If event description was missing in input JSON file, thedescvariable was left as NULL injson_events(). It was later provided tostrdupincollect_events(). Now thedescis initialized to default string if not found in JSON file.Fix issue with conditional jump or move depends on uninitialised value. The issue was detected by valgrind.