avast / authenticode-parser

Authenticode-parser is a simple C library for Authenticode format parsing using OpenSSL.
MIT License

GCC 12 is reporting use-after-free warnings #10

Closed s3rvac closed 2 years ago

s3rvac commented 2 years ago

When building the library on Arch Linux with GCC 12, several use-after-free warnings are emitted.

Steps to reproduce:

git clone https://github.com/avast/authenticode-parser/ && cd authenticode-parser
mkdir build && cd build
cmake ..
make

Expected output:

No warnings are reported.

Actual output:

authenticode-parser/src/authenticode.c: In function ‘authenticode_new’:
authenticode-parser/src/authenticode.c:306:20: warning: pointer ‘result’ used after ‘free’ [-Wuse-after-free]
  306 |         free(result->signatures);
      |              ~~~~~~^~~~~~~~~~~~
authenticode-parser/src/authenticode.c:305:9: note: call to ‘free’ here
  305 |         free(result);
      |         ^~~~~~~~~~~~
authenticode-parser/src/certificate.c: In function ‘parse_signer_chain’:
authenticode-parser/src/certificate.c:159:36: warning: pointer ‘result’ may be used after ‘free’ [-Wuse-after-free]
  159 |             certificate_free(result->certs[i]);
      |                              ~~~~~~^~~~~~~
authenticode-parser/src/certificate.c:156:5: note: call to ‘free’ here
  156 |     free(result);
      |     ^~~~~~~~~~~~
authenticode-parser/src/certificate.c:161:20: warning: pointer ‘result’ may be used after ‘free’ [-Wuse-after-free]
  161 |         free(result->certs);
      |              ~~~~~~^~~~~~~
authenticode-parser/src/certificate.c:156:5: note: call to ‘free’ here
  156 |     free(result);
      |     ^~~~~~~~~~~~
authenticode-parser/src/certificate.c:158:38: warning: pointer ‘result’ may be used after ‘free’ [-Wuse-after-free]
  158 |         for (size_t i = 0; i < result->count; ++i) {
      |                                ~~~~~~^~~~~~~
authenticode-parser/src/certificate.c:156:5: note: call to ‘free’ here
  156 |     free(result);
      |     ^~~~~~~~~~~~

HoundThe commented 2 years ago

Thank you very much for the report. Those are real use-after-free issues due to bad free() order in some rare error-handling branches. I am surprised that the older version, clang, msvc or cppcheck didn't pick up on this.

s3rvac commented 2 years ago

Thank you for a quick fix :+1:. I can confirm that there are no longer any warnings.
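
Added example, not part of the thread and not the library's own code: a C sketch of the cleanup ordering the warnings above point at, with the container freed last and each allocation failure driven through the error branch. `Cert`, `Chain`, `xcalloc`, `xfree`, `live` and `fail_at` are hypothetical names constructed for this illustration.

```c
#include <stdlib.h>
/* Hypothetical types modelled on the warning text, not the library's own. */
typedef struct { unsigned char *der; } Cert;
typedef struct { Cert **certs; size_t count; } Chain;

static long live = 0;     /* outstanding allocations (self-check only) */
static long fail_at = -1; /* constructed fault injection: 0-based index of the allocation to fail */
static void *xcalloc(size_t n, size_t sz) {
    if (fail_at == 0) { fail_at = -1; return NULL; }
    if (fail_at > 0) fail_at--;
    void *p = calloc(n, sz);
    if (p) live++;
    return p;
}
static void xfree(void *p) { if (p) { live--; free(p); } }
static void cert_free(Cert *c) { if (c) { xfree(c->der); xfree(c); } }

/* Order GCC flagged: free(result); then result->count, result->certs[i],
 * free(result->certs). Each read after the first call touches freed memory.
 * Fixed order: children, then the array, then the container. */
static void chain_free(Chain *ch) {
    if (!ch) return;
    for (size_t i = 0; ch->certs && i < ch->count; ++i) cert_free(ch->certs[i]);
    xfree(ch->certs);
    xfree(ch); /* container last; nothing dereferences ch after this */
}

static Chain *chain_new(size_t n) {
    Chain *ch = xcalloc(1, sizeof *ch);
    if (!ch) return NULL;
    ch->certs = xcalloc(n ? n : 1, sizeof *ch->certs);
    if (!ch->certs) goto error;
    for (size_t i = 0; i < n; ++i) {
        Cert *c = xcalloc(1, sizeof *c);
        if (!c) goto error;
        ch->certs[ch->count++] = c; /* count covers only initialised slots */
        c->der = xcalloc(1, 16);
        if (!c->der) goto error;
    }
    return ch;
error:
    chain_free(ch);
    return NULL;
}

int main(void) { /* fail each of the 8 allocations in turn */
    for (long k = 0; k < 8; ++k) { fail_at = k; if (chain_new(3) || live) return 1; }
    return 0;
}
```

Building this with `-fsanitize=address` and running it exercises every error branch, which is where an ordering mistake of this kind would surface at run time.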