Package: libasyncns0
Severity: minor
Tags: upstream patch

Hello.

Since I forwarded my bug report, I'll also forward this one, a quite
obvious and still present one, reported by Olof Sivertsson:
https://bugs.freedesktop.org/show_bug.cgi?id=91859

Bug applies to libasyncns release 0.8 and current git revision 68cd5a.

Both asyncns_setuserdata(...) and asyncns_getuserdata(...) contain the
following line:

  assert(q->asyncns = asyncns);


I believe this should not be an assignment, but a check for equality, as is
correctly done already in asyncns_isdone(...):

  assert(q->asyncns == asyncns);

This bug probably does not realistically affect anything right now, but
theoretically it's a bad thing, since in an environment where there are
several asyncns objects, a programming error, instead of triggering an
assertion, may reassign the query object to another asyncns object, which may
lead to various use-after-free issues and mystical bugs/crashes.

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=uk_UA.UTF-8, LC_CTYPE=uk_UA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- a/libasyncns/asyncns.c      2009-10-15 04:49:09.000000000 +0300
+++ b/libasyncns/asyncns.c      2017-05-15 01:24:47.573562843 +0300
@@ -1506,7 +1506,7 @@
 void asyncns_setuserdata(asyncns_t *asyncns, asyncns_query_t *q, void 
*userdata) {
     assert(q);
     assert(asyncns);
-    assert(q->asyncns = asyncns);
+    assert(q->asyncns == asyncns);
 
     q->userdata = userdata;
 }
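Review bot: the corrected check on the third line of asyncns_setuserdata, `assert(q->asyncns == asyncns);`, is compiled out under NDEBUG, so in such builds a query passed with the wrong asyncns object still has its userdata overwritten with no diagnostic. The change itself is correct; it would help to say in the patch description that the old `=` form could never fire, because `asyncns` is already asserted non-NULL on the line above, and that it only rebound `q->asyncns` in assert-enabled builds.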
@@ -1514,7 +1514,7 @@
 void* asyncns_getuserdata(asyncns_t *asyncns, asyncns_query_t *q) {
     assert(q);
     assert(asyncns);
-    assert(q->asyncns = asyncns);
+    assert(q->asyncns == asyncns);
 
     return q->userdata;
 }
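Review bot: the ownership check in asyncns_getuserdata is a verbatim copy of the one in asyncns_setuserdata above, so a typo in one copy is easily duplicated, as the two removed lines show. Consider factoring `assert(q->asyncns == asyncns);` into one small helper or macro shared by the accessors, and adding a regression test with two asyncns objects that calls the getter with the wrong one.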

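The effect described in the report, modelled as an added example that is not part of the original report or of libasyncns. `resolver_t`, `query_t`, `CHECK` and the two setter functions are hypothetical stand-ins, and `CHECK` counts failures instead of aborting so that both forms can run in one program.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical stand-ins for asyncns_t and asyncns_query_t (not the real structs). */
typedef struct resolver { int id; } resolver_t;
typedef struct query { resolver_t *owner; void *userdata; } query_t;

static int check_failures; /* CHECK counts failures instead of aborting */
/* Like assert() without NDEBUG: evaluates expr, side effects included. */
#define CHECK(expr) ((expr) ? (void)0 : (void)check_failures++)

/* Pre-patch form: '=' rebinds q->owner and is always true for non-NULL r. */
static void setuserdata_buggy(resolver_t *r, query_t *q, void *ud) {
    CHECK(q);
    CHECK(r);
    CHECK(q->owner = r);
    q->userdata = ud;
}

/* Patched form: '==' only compares, so the mismatch is detected. */
static void setuserdata_fixed(resolver_t *r, query_t *q, void *ud) {
    CHECK(q);
    CHECK(r);
    CHECK(q->owner == r);
    q->userdata = ud;
}

/* Constructed misuse: q belongs to resolver a but is passed with b.
 * Returns 1 if q ended up rebound to b; check_failures holds the count. */
static int misuse_rebinds(void (*setter)(resolver_t *, query_t *, void *)) {
    resolver_t a = { 1 }, b = { 2 };
    query_t q = { &a, NULL };
    int marker = 0;

    check_failures = 0;
    setter(&b, &q, &marker);
    return q.owner == &b;
}

int main(void) {
    int rebound = misuse_rebinds(setuserdata_buggy);
    printf("buggy: rebound=%d failed_checks=%d\n", rebound, check_failures);
    rebound = misuse_rebinds(setuserdata_fixed);
    printf("fixed: rebound=%d failed_checks=%d\n", rebound, check_failures);
    return 0;
}
```

With the `=` form the caller's mistake passes every check and the query now points at a resolver that never created it, while the resolver that did create it still tracks it.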