From 9c657adefedb4f9b0392cdbb993bb688a5907c35 Mon Sep 17 00:00:00 2001 From: Björn Esser Date: Dec 13 2017 19:36:53 +0000 Subject: Add upstream patch fixing invalid free in some cases --- diff --git a/json-c-0.13_json_object_avoid_invalid_free.patch b/json-c-0.13_json_object_avoid_invalid_free.patch new file mode 100644 index 0000000..5aefc5c --- /dev/null +++ b/json-c-0.13_json_object_avoid_invalid_free.patch @@ -0,0 +1,26 @@ +From 1c1c14271eadeb35dc2fb38e199bde2e90ff4ea3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= +Date: Wed, 13 Dec 2017 19:22:52 +0100 +Subject: [PATCH] json_object: Avoid double free (and thus a segfault) when + ref_count gets < 0 + +--- + json_object.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/json_object.c b/json_object.c +index 042477a71b..b94b9e222a 100644 +--- a/json_object.c ++++ b/json_object.c +@@ -189,9 +189,9 @@ int json_object_put(struct json_object *jso) + * as that can result in the thread that loses the race to 0 + * operating on an already-freed object. + */ +- if (__sync_sub_and_fetch(&jso->_ref_count, 1) > 0) return 0; ++ if (__sync_sub_and_fetch(&jso->_ref_count, 1) != 0) return 0; + #else +- if (--jso->_ref_count > 0) return 0; ++ if (--jso->_ref_count != 0) return 0; + #endif + + if (jso->_user_delete) diff --git a/json-c.spec b/json-c.spec index 8f8411e..04452da 100644 --- a/json-c.spec +++ b/json-c.spec @@ -16,7 +16,7 @@ Name: json-c Version: 0.13 -Release: 3%{?dist} +Release: 4%{?dist} Summary: JSON implementation in C License: MIT @@ -30,6 +30,7 @@ Source1: %{url}/archive/%{name}-%{version_old}-%{reldate_old}.tar.gz Patch0: %{url}/pull/386.patch#/%{name}-0.13_Makefile_add_aclocal_amflags.patch Patch1: %{url}/commit/94fd101601c24627ae44498a7a73e9f2d9fb6e91.patch#/%{name}-0.13_json_object_add_size_t_json_c_object_sizeof_1.patch Patch2: %{url}/commit/5b6d62259afbc1709d4437b8c488de429079cae0.patch#/%{name}-0.13_json_object_add_size_t_json_c_object_sizeof_2.patch +Patch3: %{url}/pull/389.patch#/json-c-0.13_json_object_avoid_invalid_free.patch BuildRequires: libtool @@ -175,6 +176,9 @@ end %changelog +* Wed Dec 13 2017 Björn Esser - 0.13-4 +- Add upstream patch fixing invalid free in some cases + * Wed Dec 13 2017 Björn Esser - 0.13-3 - Add upstream patch for adding size_t json_c_object_sizeof() - Enable partial multi-threaded support