dpkg: Fix use after free issue on error summary

We are releasing the dpkg database now after running the commands, which means that the postponed error reporting summary was trying to print messages that had already been freed from the database memory pool. Duplicate the passed strings so that we are impervious to the database life-cycle. Regression introduced in commit 3404fd24ef8020b4d6dc17adb82d7e6c035d90dc. Closes: #843874
author: Guillem Jover <guillem@debian.org> 2016-11-10 16:42:13 +0100
committer: Guillem Jover <guillem@debian.org> 2016-11-11 02:34:17 +0100
commit: 89b80a3da82ea5b10b1500d6c531432d0ce585a5 (patch)
tree: 6428c0c8e9f26f748f4e5e30ad4e6322acf006e8 /src
parent: 8ce8524a7268525b27e04cab550e92edd9ea18a5 (diff)
download: dpkg-89b80a3da82ea5b10b1500d6c531432d0ce585a5.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/src/errors.c b/src/errors.c
index 086923500..3d2d71967 100644
--- a/src/errors.c
+++ b/src/errors.c
@@ -47,7 +47,7 @@ static int nerrs = 0;
 
 struct error_report {
   struct error_report *next;
-  const char *what;
+  char *what;
 };
 
 static struct error_report *reports = NULL;
@@ -66,7 +66,7 @@ enqueue_error_report(const char *arg)
     abort_processing = true;
     nr= &emergency;
   }
-  nr->what= arg;
+  nr->what = m_strdup(arg);
   nr->next = NULL;
   *lastreport= nr;
   lastreport= &nr->next;
@@ -109,6 +109,7 @@ reportbroken_retexitstatus(int ret)
     fputs(_("Errors were encountered while processing:\n"),stderr);
     while (reports) {
       fprintf(stderr," %s\n",reports->what);
+      free(reports->what);
       reports= reports->next;
     }
   }
author	Guillem Jover <guillem@debian.org>	2016-11-10 16:42:13 +0100
committer	Guillem Jover <guillem@debian.org>	2016-11-11 02:34:17 +0100
commit	89b80a3da82ea5b10b1500d6c531432d0ce585a5 (patch)
tree	6428c0c8e9f26f748f4e5e30ad4e6322acf006e8 /src
parent	8ce8524a7268525b27e04cab550e92edd9ea18a5 (diff)
download	dpkg-89b80a3da82ea5b10b1500d6c531432d0ce585a5.tar.gz