diff options
author | Guillem Jover <guillem@debian.org> | 2019-03-06 03:52:10 +0100 |
---|---|---|
committer | Guillem Jover <guillem@debian.org> | 2019-03-24 03:30:11 +0100 |
commit | 04b6b5bb2def5e361ae54d44664602fbeacb4398 (patch) | |
tree | 8d2b57814b4ce508d70cf80c76b30959f1af6cd4 | |
parent | 3391b1f3d9f5e7ce9e08ec635350fc383187e685 (diff) | |
download | dpkg-04b6b5bb2def5e361ae54d44664602fbeacb4398.tar.gz |
libdpkg: Set tar_entry to zero on tar_entry_destroy()
When we are destroying a tar_entry we need to zero the struct, otherwise
we will end up freeing already freed memory and crashing.
-rw-r--r-- | debian/changelog | 2 | ||||
-rw-r--r-- | lib/dpkg/tarfn.c | 2 |
2 files changed, 4 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 07c381ae5..e600badcd 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,8 @@ dpkg (1.19.6) UNRELEASED; urgency=medium [ Guillem Jover ] * libdpkg: Add a new TAR_FORMAT_UNKNOWN enum value. + * libdpkg: Set tar_entry to zero on tar_entry_destroy(), to avoid double + free()s and the subsequent crashes. * Packaging: - Update usertags. - Install a lintian profile for dpkg based on the debian profile, so that diff --git a/lib/dpkg/tarfn.c b/lib/dpkg/tarfn.c index afcce0ee5..757e0e323 100644 --- a/lib/dpkg/tarfn.c +++ b/lib/dpkg/tarfn.c @@ -408,6 +408,8 @@ tar_entry_destroy(struct tar_entry *te) free(te->linkname); free(te->stat.uname); free(te->stat.gname); + + memset(te, 0, sizeof(*te)); } struct tar_symlink_entry { |