Double-free in atf-c/map.c in low memory scenarios

freebsd / atf

Libraries to write tests in C, C++ and shell

Other

127 stars 44 forks source link

Double-free in atf-c/map.c in low memory scenarios #23

Closed ngie-eign closed 8 years ago

ngie-eign commented 8 years ago

Per https://svnweb.freebsd.org/base?view=revision&revision=299496 :

atf map: Fix double-free in low memory error path

If atf_list_append(, X, ) fails, X is freed.  Don't free it again.

If anyone wants to walk this patch upstream, be my guest.  I literally cannot
upstream it myself due to Google's stupid CLA.

Reported by:    Coverity
CID:        979936
Sponsored by:   EMC / Isilon Storage Division

jmmv commented 8 years ago

Thanks for forwarding this.

I took a quick look the other day and I think the fix is wrong: the internals of atf_list seem to not be properly respecting the managed=false flag. I need to look at this in more detail though.