[Bug 1838890] Re: Suspected memory leak in xenial backport of fix for CVE-2019-13012
Sebastien Bacher
seb128 at ubuntu.com
Mon Aug 5 07:06:58 UTC 2019
Thanks for the report Simon! Leo, could you have a look?
** Changed in: glib2.0 (Ubuntu)
Importance: Undecided => High
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glib2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1838890
Title:
Suspected memory leak in xenial backport of fix for CVE-2019-13012
Status in glib2.0 package in Ubuntu:
New
Bug description:
(This is only from source code inspection, not tested in real use - I
don't actually use Ubuntu.)
The upstream fix for CVE-2019-13012 included this change:
- g_file_make_directory_with_parents (kfsb->dir, NULL, NULL);
+ g_mkdir_with_parents (g_file_peek_path (kfsb->dir), 0700);
However, g_file_peek_path() was only introduced in GLib 2.56. The
backport in the xenial package has this instead:
- g_file_make_directory_with_parents (kfsb->dir, NULL, NULL);
+ g_mkdir_with_parents (g_file_get_path (kfsb->dir), 0700);
This is not equivalent. The difference between g_file_peek_path() and
the older g_file_get_path() is that g_file_get_path() makes a copy,
which must be freed with g_free() after use. As a result, there is now
a memory leak.
A non-leaky backport would look something like this, which is what
I've done in a proposed backport for Debian 9 'stretch':
+ char *dir;
...
- g_file_make_directory_with_parents (kfsb->dir, NULL, NULL);
+ dir = g_file_get_path (kfsb->dir);
+ g_mkdir_with_parents (dir, 0700);
+ g_free (dir);
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glib2.0/+bug/1838890/+subscriptions
More information about the foundations-bugs
mailing list