In the function merge_state_with_log(), memory is allocated for the variable next_nodes when creating a union of the variables table_nodes and log_nodes. However, if next_state->entrance_nodes is NULL, then table_nodes becomes NULL and we still allocate memory to copy the content of log_nodes. This can cause a resource leak since we only free the memory for next_nodes if table_nodes isn't NULL. To prevent this, we need to check that next_state->entrance_nodes isn't NULL before allocating memory for the union.
This issue has been fixed in the latest version of gnulib and I've backported this change to maintain consistency. This issue was found by a Coverity Scan of GRUB2 under the following CID: CID: 473887 Signed-off-by: Alec Brown <alec.r.br...@oracle.com> --- bootstrap.conf | 4 +++- conf/Makefile.extra-dist | 1 + .../gnulib-patches/fix-regexec-resource-leak.patch | 11 +++++++++++ 3 files changed, 15 insertions(+), 1 deletion(-) create mode 100644 grub-core/lib/gnulib-patches/fix-regexec-resource-leak.patch diff --git a/bootstrap.conf b/bootstrap.conf index 7a464a289..7cd375ba9 100644 --- a/bootstrap.conf +++ b/bootstrap.conf @@ -84,7 +84,9 @@ bootstrap_post_import_hook () { # Instead of patching our gnulib and therefore maintaining a fork, submit # changes to gnulib and update the hash above when they've merged. Do not # add new patches here. - for patchname in fix-width fix-regcomp-resource-leak; do + for patchname in fix-width \ + fix-regcomp-resource-leak \ + fix-regexec-resource-leak; do patch -d grub-core/lib/gnulib -p2 \ < "grub-core/lib/gnulib-patches/$patchname.patch" done diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist index 5bf3da429..07eee1956 100644 --- a/conf/Makefile.extra-dist +++ b/conf/Makefile.extra-dist @@ -31,6 +31,7 @@ EXTRA_DIST += grub-core/genemuinitheader.sh EXTRA_DIST += grub-core/lib/gnulib-patches/fix-width.patch EXTRA_DIST += grub-core/lib/gnulib-patches/fix-regcomp-resource-leak.patch +EXTRA_DIST += grub-core/lib/gnulib-patches/fix-regexec-resource-leak.patch EXTRA_DIST += grub-core/lib/libgcrypt EXTRA_DIST += grub-core/lib/libgcrypt-grub/mpi/generic diff --git a/grub-core/lib/gnulib-patches/fix-regexec-resource-leak.patch b/grub-core/lib/gnulib-patches/fix-regexec-resource-leak.patch new file mode 100644 index 000000000..f490e05fb --- /dev/null +++ b/grub-core/lib/gnulib-patches/fix-regexec-resource-leak.patch 
@@ -0,0 +1,11 @@ +--- a/lib/regexec.c ++++ b/lib/regexec.c +@@ -2270,7 +2270,7 @@ merge_state_with_log (reg_errcode_t *err, re_match_context_t *mctx, + these destinations and the results of the transition table. */ + pstate = mctx->state_log[cur_idx]; + log_nodes = pstate->entrance_nodes; +- if (next_state != NULL) ++ if (next_state != NULL && next_state->entrance_nodes != NULL) + { + table_nodes = next_state->entrance_nodes; + *err = re_node_set_init_union (&next_nodes, table_nodes, -- 2.27.0 _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
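Review bot: in the bootstrap.conf hunk, the new loop entry lands directly beneath the comment "Do not add new patches here", which asks that changes be submitted to gnulib and the hash above updated once they have merged. The commit message says this fix is already in the latest gnulib, so the policy the comment describes would be to bump the gnulib hash rather than carry a third local patch; if the hash is deliberately pinned for now, say so in the commit message, and consider adding a line to that comment that the listed patches are to be dropped on the next gnulib update.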
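Review bot: the fix-regexec-resource-leak.patch hunk shows only the `if` branch, so nothing in the diff says what now happens when next_state is non-NULL but next_state->entrance_nodes is NULL; control must take the else branch of this `if`, and the commit message should state that that branch derives next_nodes from log_nodes without allocating, since that is what makes the later free guard on table_nodes (described in the commit message) correct. The patch file also has no header above `--- a/lib/regexec.c`: add the upstream gnulib commit reference there so whoever bumps the gnulib hash can tell when this patch has become redundant.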
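The allocate/free asymmetry the commit message describes, as an added illustration in C (not gnulib's or GRUB's code): a simplified node-set model whose union allocates whenever the union path is entered, even with a NULL first operand, while the free afterwards is guarded only by `table_nodes != NULL`. The `merge_step` function mirrors that control flow with a flag selecting the pre-patch or post-patch condition and returns how many allocations are still live, so the leak shows up as a non-zero count. The set layout, the `live_allocations` counter and the sample sets are constructed for this example.

```c
#include <stdlib.h>
#include <string.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of a node set: a malloc'd array of ints.
   Not gnulib's re_node_set; only the allocation behaviour matters here. */
typedef struct {
    int *elems;
    size_t nelem;
} node_set;

/* Counts elem arrays that have been allocated but not yet freed. */
static int live_allocations = 0;

static bool set_init_copy(node_set *dest, const node_set *src)
{
    dest->elems = malloc(src->nelem * sizeof *dest->elems);
    if (dest->elems == NULL)
        return false;
    memcpy(dest->elems, src->elems, src->nelem * sizeof *dest->elems);
    dest->nelem = src->nelem;
    live_allocations++;
    return true;
}

static void set_free(node_set *s)
{
    free(s->elems);
    s->elems = NULL;
    s->nelem = 0;
    live_allocations--;
}

/* Union that still allocates when src1 is NULL: it falls back to copying
   src2, which is the case the commit message describes. Two non-empty
   sets are modelled as a plain concatenation (duplicates ignored). */
static bool set_init_union(node_set *dest, const node_set *src1,
                           const node_set *src2)
{
    if (src1 == NULL || src1->nelem == 0)
        return set_init_copy(dest, src2);
    if (src2 == NULL || src2->nelem == 0)
        return set_init_copy(dest, src1);
    dest->elems = malloc((src1->nelem + src2->nelem) * sizeof *dest->elems);
    if (dest->elems == NULL)
        return false;
    memcpy(dest->elems, src1->elems, src1->nelem * sizeof *dest->elems);
    memcpy(dest->elems + src1->nelem, src2->elems,
           src2->nelem * sizeof *dest->elems);
    dest->nelem = src1->nelem + src2->nelem;
    live_allocations++;
    return true;
}

typedef struct {
    node_set *entrance_nodes;
} state;

/* Mirrors the merge: the union result is freed only when table_nodes was
   set. check_entrance=false is the pre-patch condition, true the patched
   one. Returns the number of live allocations after the step (0 = no leak),
   or -1 on allocation failure. */
static int merge_step(const state *next_state, const node_set *log_nodes,
                      bool check_entrance)
{
    const node_set *table_nodes = NULL;
    node_set next_nodes;
    live_allocations = 0;

    bool take_union = check_entrance
        ? (next_state != NULL && next_state->entrance_nodes != NULL)
        : (next_state != NULL);
    if (take_union) {
        table_nodes = next_state->entrance_nodes;   /* may be NULL pre-patch */
        if (!set_init_union(&next_nodes, table_nodes, log_nodes))
            return -1;
    } else {
        next_nodes = *log_nodes;   /* borrowed, nothing allocated */
    }
    /* ... the consumer of next_nodes would run here ... */
    if (table_nodes != NULL)
        set_free(&next_nodes);
    return live_allocations;
}

/* Builds constructed sample data and runs one scenario. */
static int scenario(bool null_entrance, bool check_entrance)
{
    int log_elems[] = {1, 2, 3};
    int table_elems[] = {4};
    node_set log_nodes = {log_elems, 3};
    node_set table = {table_elems, 1};
    state st = {null_entrance ? NULL : &table};
    return merge_step(&st, &log_nodes, check_entrance);
}

int main(void)
{
    printf("pre-patch,  entrance NULL: %d live\n", scenario(true, false));
    printf("post-patch, entrance NULL: %d live\n", scenario(true, true));
    printf("post-patch, entrance set:  %d live\n", scenario(false, true));
    return 0;
}
```

Run stand-alone it prints one live allocation for the pre-patch path with a NULL entrance set and zero for the patched path; the general lesson is that a free guarded by a different condition than the one that triggered the allocation is a leak waiting for the case where the two disagree.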