summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGuillem Jover <guillem@debian.org>2019-03-06 03:52:10 +0100
committerGuillem Jover <guillem@debian.org>2019-03-24 03:30:11 +0100
commit04b6b5bb2def5e361ae54d44664602fbeacb4398 (patch)
tree8d2b57814b4ce508d70cf80c76b30959f1af6cd4
parent3391b1f3d9f5e7ce9e08ec635350fc383187e685 (diff)
downloaddpkg-04b6b5bb2def5e361ae54d44664602fbeacb4398.tar.gz
libdpkg: Set tar_entry to zero on tar_entry_destroy()
When we are destroying a tar_entry we need to zero the struct, otherwise we will end up freeing already freed memory and crashing.
-rw-r--r--debian/changelog2
-rw-r--r--lib/dpkg/tarfn.c2
2 files changed, 4 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 07c381ae5..e600badcd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,8 @@ dpkg (1.19.6) UNRELEASED; urgency=medium
[ Guillem Jover ]
* libdpkg: Add a new TAR_FORMAT_UNKNOWN enum value.
+ * libdpkg: Set tar_entry to zero on tar_entry_destroy(), to avoid double
+ free()s and the subsequent crashes.
* Packaging:
- Update usertags.
- Install a lintian profile for dpkg based on the debian profile, so that
diff --git a/lib/dpkg/tarfn.c b/lib/dpkg/tarfn.c
index afcce0ee5..757e0e323 100644
--- a/lib/dpkg/tarfn.c
+++ b/lib/dpkg/tarfn.c
@@ -408,6 +408,8 @@ tar_entry_destroy(struct tar_entry *te)
free(te->linkname);
free(te->stat.uname);
free(te->stat.gname);
+
+ memset(te, 0, sizeof(*te));
}
struct tar_symlink_entry {