From: "trieu2.huynh" <[email protected]>

The function curl_header_cb uses g_autofree with g_strstrip(g_strndup(...)). However, g_strstrip may return a pointer that is an offset from the original allocated memory, causing g_autofree to attempt to free an invalid pointer or leak the original.
Separate the allocation and the stripping to ensure the original pointer is correctly tracked and freed. Resolves: CID 1645633 Signed-off-by: Trieu Huynh <[email protected]> --- block/curl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/block/curl.c b/block/curl.c index 66aecfb20e..5b66c80704 100644 --- a/block/curl.c +++ b/block/curl.c @@ -208,7 +208,8 @@ static size_t curl_header_cb(void *ptr, size_t size, size_t nmemb, void *opaque) { BDRVCURLState *s = opaque; size_t realsize = size * nmemb; - g_autofree char *header = g_strstrip(g_strndup(ptr, realsize)); + g_autofree char *header = g_strndup(ptr, realsize); + g_strstrip(header); char *val = strchr(header, ':'); if (!val) { -- 2.43.0
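Review bot: On the added `g_strstrip(header);` line the return value is discarded, which is only correct if g_strstrip() strips in place and returns the pointer it was given, and that contradicts the commit message's claim that it may return an offset pointer. If the claim held, `header` would still carry its leading whitespace after this change and the following `strchr(header, ':')` would run on an unstripped string. GLib documents g_strstrip() as modifying the string in place without allocating, so the removed one-liner freed the same pointer that g_strndup() returned. Please reword the message to describe this as a readability change that addresses the CID 1645633 report rather than a fix for an invalid free or a leak.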
