This is an automated email from the git hooks/post-receive script. guillem pushed a commit to branch master in repository dpkg.
View the commit online: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=04b6b5bb2def5e361ae54d44664602fbeacb4398 commit 04b6b5bb2def5e361ae54d44664602fbeacb4398 Author: Guillem Jover <[email protected]> AuthorDate: Wed Mar 6 03:52:10 2019 +0100 libdpkg: Set tar_entry to zero on tar_entry_destroy() When we are destroying a tar_entry we need to zero the struct, otherwise we will end up freeing already freed memory and crashing. --- debian/changelog | 2 ++ lib/dpkg/tarfn.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/debian/changelog b/debian/changelog index 07c381ae5..e600badcd 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,8 @@ dpkg (1.19.6) UNRELEASED; urgency=medium [ Guillem Jover ] * libdpkg: Add a new TAR_FORMAT_UNKNOWN enum value. + * libdpkg: Set tar_entry to zero on tar_entry_destroy(), to avoid double + free()s and the subsequent crashes. * Packaging: - Update usertags. - Install a lintian profile for dpkg based on the debian profile, so that diff --git a/lib/dpkg/tarfn.c b/lib/dpkg/tarfn.c index afcce0ee5..757e0e323 100644 --- a/lib/dpkg/tarfn.c +++ b/lib/dpkg/tarfn.c @@ -408,6 +408,8 @@ tar_entry_destroy(struct tar_entry *te) free(te->linkname); free(te->stat.uname); free(te->stat.gname); + + memset(te, 0, sizeof(*te)); } struct tar_symlink_entry { -- Dpkg.Org's dpkg
