Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix double free in clib-package #309

Merged
merged 2 commits into from
May 7, 2024
Merged

Fix double free in clib-package #309

merged 2 commits into from
May 7, 2024

Conversation

r10nw7fd3
Copy link
Contributor

This PR fixes two double frees in clib_package_new_from_slug_with_package_name(), which were
found and reported by @HoshinoStranding (thank you!)
It appears that git has run a code-formatting pre-commit hook on the first commit, making it
a little messy, but at it's core we simply assign NULL to just-freed variables so that we don't try to
free them again. I also removed a few unnecessary nullability checks, since the initial ones are
done right after calling the corresponding parse functions and are more than enough.
Fixes: #307 #308

@r10nw7fd3
fix(clib-package): Double free
b99047c
@r10nw7fd3
chore(clib-package): Remove redundant nullability checks
956478d 
Since the check is done right after calling `parse_repo_{owner,version}()`,
there is no need to do that down into the function.
Besides that, if `author` was ever null, a call to `strdup(author)`
would invoke undefined behaviour.
@jwerle jwerle merged commit d6b744f into clibs:master May 7, 2024
2 of 4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jwerle jwerle jwerle approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Potential Double Free Vulnerability
2 participants
@r10nw7fd3 @jwerle