git.ipfire.org Git - thirdparty/libarchive.git/commit
Avoid a double-free when a window size of 0 is specified
author Daniel Axtens <dja@axtens.net>
Tue, 20 Nov 2018 06:56:29 +0000 (17:56 +1100)
committer Daniel Axtens <dja@axtens.net>
Tue, 11 Dec 2018 02:58:11 +0000 (13:58 +1100)
commit 021efa522ad729ff0f5806c4ce53e4a6cc1daa31
tree 86358b61eee3c36041e9f35824e85a322295de97
parent 851adb9602f1acdb090067bb4f297cd609dfa28c
new_size can be 0 with a malicious or corrupted RAR archive.

realloc(area, 0) is equivalent to free(area), so the region would
be free()d here and then free()d again in the cleanup function.

Found with a setup running AFL, afl-rb, and qsym.
libarchive/archive_read_support_format_rar.c
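
The failure mode described in the commit message, shown as an added example that is not libarchive's code and not the patch itself. The `struct window` type and all function names are hypothetical, and the size value 0 stands in for a field read from a malicious or corrupted archive.

```c
#include <stdlib.h>

/* Hypothetical stand-in for a decoder's window buffer (not libarchive's type). */
struct window { unsigned char *buf; size_t size; };

/* Unchecked pattern: a NULL return is treated as "allocation failed, old
 * buffer still valid". Where realloc(p, 0) behaves like free(p) and returns
 * NULL, w->buf is left dangling and window_free() frees it a second time.
 * Shown for comparison only; demo() never calls it. */
int window_resize_unchecked(struct window *w, size_t new_size)
{
    void *p = realloc(w->buf, new_size);
    if (p == NULL)
        return -1;              /* w->buf may already be freed here */
    w->buf = p;
    w->size = new_size;
    return 0;
}

/* Hardened pattern: reject a zero size before the allocator sees it. */
int window_resize_checked(struct window *w, size_t new_size)
{
    void *p;
    if (new_size == 0)
        return -1;              /* invalid input; buffer untouched */
    p = realloc(w->buf, new_size);
    if (p == NULL)
        return -1;              /* real OOM; old buffer still owned by w */
    w->buf = p;
    w->size = new_size;
    return 0;
}

/* Cleanup path: the single place that releases the buffer. */
void window_free(struct window *w)
{
    free(w->buf);
    w->buf = NULL;
    w->size = 0;
}

/* Returns 1 when a zero size is rejected and the buffer is freed exactly once. */
int demo(void)
{
    struct window w = { NULL, 0 };
    if (window_resize_checked(&w, 64) != 0) return 0;
    unsigned char *before = w.buf;
    int rc = window_resize_checked(&w, 0);   /* constructed hostile value */
    int ok = (rc == -1 && w.buf == before && w.size == 64);
    window_free(&w);
    return ok && w.buf == NULL;
}

int main(void) { return demo() ? 0 : 1; }
```

Building with `-fsanitize=address` and swapping the unchecked function into `demo()` makes the second free visible on platforms where `realloc(p, 0)` frees `p`.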