From nobody Sun Feb 8 10:03:35 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) client-ip=170.10.129.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1643640851; cv=none; d=zohomail.com; s=zohoarc; b=bke+M8wB/bFYDwWhtOgpqs451PiImQdZxZZ0JFtJShSXmU7k6yzMNaEpRpbHyv9/jHOKwI5ENI8bbwdhDdmcHxNLr+4vYIiDFck91fYnH6WjS1R4LLKKhfETCu3eYGEJ+3jy7NWb0vUQdSJ0gO501X64WCQMYI5H5QZQn6z8hvo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1643640851; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=DVu7xudJHFMlJEGQ16sdmECAUdzg25Ruv2wxkfyimLo=; b=Z0yFW4OYKHihiLvS0S+3Um/xoxm8m6s7p9ZZn9wPU5LfWi+d7u++Ic4zkz6bH1AV6wtfp820saWHjHZnL/iUdLc+Zm67JipxHfbOgZpxgxJe+hj4D6pYLxLlIZqp8U6ZlszqQGbYlCCZE6r14cNfgdxbJi0VuwbN2iTDXCaI3H8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.zohomail.com with SMTPS id 1643640850992668.5167451940398; Mon, 31 Jan 2022 06:54:10 -0800 (PST) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-549-m5dr0jGIOb-rY5c-4-sZnQ-1; Mon, 31 Jan 2022 09:54:09 -0500 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 0A0DC1006AA5; Mon, 31 Jan 2022 14:54:04 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id DADCD70D2E; Mon, 31 Jan 2022 14:54:03 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id A1AE94A7C9; Mon, 31 Jan 2022 14:54:03 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 20VErvbT004684 for ; Mon, 31 Jan 2022 09:53:57 -0500 Received: by smtp.corp.redhat.com (Postfix) id 930AD84A1A; Mon, 31 Jan 2022 14:53:57 +0000 (UTC) Received: from localhost.localdomain (unknown [10.40.193.157]) by smtp.corp.redhat.com (Postfix) with ESMTP id 15B5184A3E for ; Mon, 31 Jan 2022 14:53:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1643640850; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=DVu7xudJHFMlJEGQ16sdmECAUdzg25Ruv2wxkfyimLo=; b=B5NQzQsRr7RqjrfUbnNULRnOC6UUw6/+Jprq1mE8Iv5RZ5KANZI/DjEDskQzmCi0CAY+Yb oaUuRkTNHM/owY9ylqdgsEtP2UEBZE5RpkvedVrpA12389UmkAfgXHXg4ATvEXMOhT4I9a OFzwpq+9Ew41qBi4P92Y35B0pT7RnDI= X-MC-Unique: m5dr0jGIOb-rY5c-4-sZnQ-1 From: Michal Privoznik To: libvir-list@redhat.com Subject: [PATCH 3/4] virpcivpdtest: Fix potential double-free() Date: Mon, 31 Jan 2022 15:53:41 +0100 Message-Id: <02e657f43e229deb0ee97639b14edda647a7ef51.1643640752.git.mprivozn@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1643640853355100001 Content-Type: text/plain; charset="utf-8" Inside the testPCIVPDResourceCustomCompareIndex() function we have two variables @a and @b, both marked as g_autoptr(). Then, towards the end of the function b->value is freed and set to a->value. This is to make sure virPCIVPDResourceCustomCompareIndex() works correctly even if ->value member is the same for both arguments. Nevertheless, if the function returns anything else than 0 then the control executes subsequent return statement and since b->value points to the very same string as a->value a double free will occur. Avoid this by setting b->value to NULL explicitly, just like we are already doing for the successful path. Signed-off-by: Michal Privoznik --- tests/virpcivpdtest.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/virpcivpdtest.c b/tests/virpcivpdtest.c index a6bf46b103..a5f4abae6f 100644 --- a/tests/virpcivpdtest.c +++ b/tests/virpcivpdtest.c @@ -229,8 +229,10 @@ testPCIVPDResourceCustomCompareIndex(const void *data = G_GNUC_UNUSED) /* Different index, same value pointers */ g_free(b->value); b->value =3D a->value; - if (virPCIVPDResourceCustomCompareIndex(b, a)) + if (virPCIVPDResourceCustomCompareIndex(b, a)) { + b->value =3D NULL; return -1; + } =20 b->value =3D NULL; =20 --=20 2.34.1