gnulib/regexec: Fix resource leak

In the function merge_state_with_log(), memory is allocated for the variable
next_nodes when creating a union of the variables table_nodes and log_nodes.
However, if next_state->entrance_nodes is NULL, then table_nodes becomes NULL
and we still allocate memory to copy the content of log_nodes. This can cause
a resource leak since we only free the memory for next_nodes if table_nodes
isn't NULL. To prevent this, we need to check that next_state->entrance_nodes
isn't NULL before allocating memory for the union.

This issue has been fixed in the latest version of gnulib and I've backported
this change to maintain consistency.

This issue was found by a Coverity scan of GRUB2 under the CID 473887.

Fixes: CID 473887
Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

diff --git a/bootstrap.conf b/bootstrap.conf
index 7a464a289d00897cf853c3a62a3d0f12be67ea0b..7cd375ba901809ebb12bd1f18ad4f2bd71de505d 100644 (file)
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -84,7 +84,9 @@ bootstrap_post_import_hook () {
   # Instead of patching our gnulib and therefore maintaining a fork, submit
   # changes to gnulib and update the hash above when they've merged.  Do not
   # add new patches here.
-  for patchname in fix-width fix-regcomp-resource-leak; do
+  for patchname in fix-width \
+      fix-regcomp-resource-leak \
+      fix-regexec-resource-leak; do
     patch -d grub-core/lib/gnulib -p2 \
        < "grub-core/lib/gnulib-patches/$patchname.patch"
   done

diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist
index 230a1d68f0640dc79ae3dca0b8a39f1301a980d5..f59b8d8b3218638b2cec1bf1dcd2a3a032eff08c 100644 (file)
--- a/conf/Makefile.extra-dist
+++ b/conf/Makefile.extra-dist
@@ -30,6 +30,7 @@ EXTRA_DIST += grub-core/genemuinitheader.sh
 
 EXTRA_DIST += grub-core/lib/gnulib-patches/fix-width.patch
 EXTRA_DIST += grub-core/lib/gnulib-patches/fix-regcomp-resource-leak.patch
+EXTRA_DIST += grub-core/lib/gnulib-patches/fix-regexec-resource-leak.patch
 
 EXTRA_DIST += grub-core/lib/libgcrypt
 EXTRA_DIST += grub-core/lib/libgcrypt-grub/mpi/generic

diff --git a/grub-core/lib/gnulib-patches/fix-regexec-resource-leak.patch b/grub-core/lib/gnulib-patches/fix-regexec-resource-leak.patch
new file mode 100644 (file)
index 0000000..f490e05
--- /dev/null
+++ b/grub-core/lib/gnulib-patches/fix-regexec-resource-leak.patch
@@ -0,0 +1,11 @@
+--- a/lib/regexec.c
++++ b/lib/regexec.c
+@@ -2270,7 +2270,7 @@ merge_state_with_log (reg_errcode_t *err, re_match_context_t *mctx,
+        these destinations and the results of the transition table.  */
+       pstate = mctx->state_log[cur_idx];
+       log_nodes = pstate->entrance_nodes;
+-      if (next_state != NULL)
++      if (next_state != NULL && next_state->entrance_nodes != NULL)
+       {
+         table_nodes = next_state->entrance_nodes;
+         *err = re_node_set_init_union (&next_nodes, table_nodes,