From 511e6ce6d4dbeef23afc3b7f3b5f744b70398353 Mon Sep 17 00:00:00 2001
From: Matěj Grabovský
Date: Oct 13 2020 09:11:22 +0000
Subject: Add upstream patch for an invalid read bug
---
diff --git a/0002-hooklib-Proper-freeing-of-backtrace.patch b/0002-hooklib-Proper-freeing-of-backtrace.patch
new file mode 100644
index 0000000..a9ded17
--- /dev/null
+++ b/0002-hooklib-Proper-freeing-of-backtrace.patch
@@ -0,0 +1,40 @@
+From 5fa7b1f84fb02ca5dcf50d27f4bc14563c1918f6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C4=9Bj=20Grabovsk=C3=BD?=
+Date: Mon, 12 Oct 2020 19:14:03 +0200
+Subject: [PATCH] hooklib: Proper freeing of backtrace
+
+Improper bracing caused the bt variable to be freed every time in every
+iteration no matter what. This would then lead to an invalid (freed)
+pointer being returned by the function.
+
+The mistake was made in 1f2963b0 and reported by Jeff Law.
+---
+ src/lib/hooklib.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/lib/hooklib.c b/src/lib/hooklib.c
+index 56b77bc3..fc2a6a00 100644
+--- a/src/lib/hooklib.c
++++ b/src/lib/hooklib.c
+@@ -361,13 +361,17 @@ char *abrt_get_backtrace(struct dump_dir *dd, unsigned timeout_sec, const char *
+
+ bt_depth /= 2;
+ if (bt)
++ {
+ log_warning("Backtrace is too big (%u bytes), reducing depth to %u",
+ (unsigned)strlen(bt), bt_depth);
++ }
+ else
++ {
+ /* (NB: in fact, current impl. of exec_vp() never returns NULL) */
+ log_warning("Failed to generate backtrace, reducing depth to %u",
+ bt_depth);
+- free(bt);
++ g_clear_pointer(&bt, free);
++ }
+
+ /* Replace -ex disassemble (which disasms entire function $pc points to)
+ * to a version which analyzes limited, small patch of code around $pc.
+--
+2.26.2
+
diff --git a/abrt.spec b/abrt.spec
index 362d5ef..b82ff38 100644
--- a/abrt.spec
+++ b/abrt.spec
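Review bot: In the embedded hooklib.c hunk, `g_clear_pointer(&bt, free);` now sits inside the `else` branch, which is reached only when `bt` is NULL, so the call releases nothing there. The `if (bt)` branch, taken when the backtrace was too big, no longer frees or clears `bt` within this hunk; if the surrounding retry code assigns a fresh backtrace to `bt` on the next pass, each oversized buffer would leak. Placing `g_clear_pointer(&bt, free);` after the closing brace of the `else` block would release the oversized buffer and leave `bt` NULL rather than dangling, which would also address the freed-pointer return described in the commit message. The body of abrt_get_backtrace starts and ends outside the hunk, so the loop and its exit paths should be checked before settling on the placement.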
@@ -49,12 +49,13 @@ Summary: Automatic bug detection and reporting tool Name: abrt Version: 2.14.4 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ URL: https://abrt.readthedocs.org/ Source: https://github.com/abrt/%{name}/archive/%{version}/%{name}-%{version}.tar.gz Patch0: 0001-hooklib-Don-t-g_autofree-backtrace.patch +Patch1: 0002-hooklib-Proper-freeing-of-backtrace.patch BuildRequires: git-core BuildRequires: %{dbus_devel} @@ -1010,6 +1011,9 @@ killall abrt-dbus >/dev/null 2>&1 || : %config(noreplace) %{_sysconfdir}/profile.d/abrt-console-notification.sh %changelog +* Tue Oct 13 2020 Matěj Grabovský - 2.14.4-3 +- Add upstream patch for an invalid read bug + * Thu Sep 24 2020 Matěj Grabovský - 2.14.4-2 - Add fix for https://bugzilla.redhat.com/show_bug.cgi?id=1881745