Bug#1080068: anthy: A suspicious double free in 'src-util/rkconv.c'

To: submit@bugs.debian.org
Subject: Bug#1080068: anthy: A suspicious double free in 'src-util/rkconv.c'
From: r10922044 <r10922044@ntu.edu.tw>
Date: Fri, 30 Aug 2024 17:05:09 +0800
Message-id: <[🔎] aacf11e868a9aa9e32b4b3cd55dba6e8@ntu.edu.tw>
Reply-to: r10922044 <r10922044@ntu.edu.tw>, 1080068@bugs.debian.org

Package: anthy

Version: 1:0.4-3

Dear Maintainers,

We are researching static analysis for recurring vulnerabilities. When using our tool to test on 'anthy', we found a suspicious double-free bug at 'rk_sort_rule' in 'src-util/rkconv.c'. 'rules' allocated in line 645 would be freed twice by 'rk_rules_free' in line 663 (which contains 'free' in line 766) and 'free' in line 664 when going to 'ERROR'. We suggested that 'free' in line 664 should be deleted for the patch.

Thank you for maintaining anthy.

Best regards

Reply to:

Prev by Date: Processing of ibus-typing-booster_2.25.15-1_source.changes
Next by Date: Bug#1080107: fcitx5-m17n: FTBFS: 1 - testm17n (Subprocess aborted)
Previous by thread: Processing of ibus-typing-booster_2.25.15-1_source.changes
Next by thread: Bug#1080107: fcitx5-m17n: FTBFS: 1 - testm17n (Subprocess aborted)
Index(es):
- Date
- Thread