[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#988278: [pre-approval] unblock: libgetdata/0.10.0-10

Control: tags -1 -moreinfo

Hi Sebastian,

Thanks for looking into this issue. Yes, it is intentional. We should always
check whether first_raw is NULL or not.

I have reproduced the issue in the CI-pipeline [1], and the proposed patch fixes
the issue [2]: no more segfault, just an error message due to exploit.

[1] https://salsa.debian.org/science-team/libgetdata/-/jobs/1631525
[2] https://salsa.debian.org/science-team/libgetdata/-/jobs/1633848

Anton


Am Mo., 10. Mai 2021 um 22:27 Uhr schrieb Sebastian Ramacher <sramacher@debian.org>:
<skip>
> +--- libgetdata-0.10.0.orig/src/parse.c
> ++++ libgetdata-0.10.0/src/parse.c
> +@@ -2504,6 +2504,9 @@ char *_GD_ParseFragment(FILE *restrict f
> +     if (D->error == GD_E_OK && !match)
> +       first_raw = _GD_ParseFieldSpec(D, p, n_cols, in_cols, strlen(in_cols[0]),
> +           NULL, me, 0, 1, &outstring, tok_pos);
> ++      if (first_raw == NULL) {
> ++        _GD_SetError(D, GD_E_BAD_DIRFILE, GD_E_ENTRY_TYPE, NULL, 0, NULL);
> ++      }

Is it intentional that newly addeded if is evaluated in any case or is
this patch missing curly brackets for the body of "if (D->error =
GD_E_OK && !match)"?
Reply to: