[OE-core] [PATCH v2 4/4] cve-check-tool: fix crash on exceptions
Marko, Peter
Peter.Marko at siemens.com
Wed Jun 7 16:20:42 UTC 2017
> the commit shortlog does not match what the patch is doing, unless the new replaced function is the one avoiding exceptions..
The fixed issue is tracked under https://github.com/ikeydoherty/cve-check-tool/issues/60
It says "crash on bad pointer free".
It fixes crash when freeing invalid pointer, which happened on sqlite exceptions.
If necessary, I can update the commit message with longer explanation.
On Wed, 2017-06-07 at 08:04 +0200, Peter Marko wrote:
> This fixes cve-check-tool crashes on exceptions.
>
> Signed-off-by: Peter Marko <peter.marko at siemens.com>
> ---
> .../cve-check-tool/cve-check-tool_5.6.4.bb | 1 +
> ...01-Fix-freeing-memory-allocated-by-sqlite.patch | 50
> ++++++++++++++++++++++
> 2 files changed, 51 insertions(+)
> create mode 100644
> meta/recipes-devtools/cve-check-tool/files/0001-Fix-freeing-memory-all
> ocated-by-sqlite.patch
>
> diff --git
> a/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb
> b/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb
> index 1f906ee..4829b11 100644
> --- a/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb
> +++ b/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb
> @@ -11,6 +11,7 @@ SRC_URI = "https://github.com/ikeydoherty/${BPN}/releases/download/v${PV}/${BP}.
> file://0001-print-progress-in-percent-when-downloading-CVE-db.patch \
> file://0001-curl-allow-overriding-default-CA-certificate-file.patch \
>
> file://0001-update-Compare-computed-vs-expected-sha256-digit-str.patch
> \
> + file://0001-Fix-freeing-memory-allocated-by-sqlite.patch \
> "
>
> SRC_URI[md5sum] = "c5f4247140fc9be3bf41491d31a34155"
> diff --git
> a/meta/recipes-devtools/cve-check-tool/files/0001-Fix-freeing-memory-a
> llocated-by-sqlite.patch
> b/meta/recipes-devtools/cve-check-tool/files/0001-Fix-freeing-memory-a
> llocated-by-sqlite.patch
> new file mode 100644
> index 0000000..4a82cf2
> --- /dev/null
> +++ b/meta/recipes-devtools/cve-check-tool/files/0001-Fix-freeing-memo
> +++ ry-allocated-by-sqlite.patch
> @@ -0,0 +1,50 @@
> +From a3353429652f83bb8b0316500faa88fa2555542d Mon Sep 17 00:00:00
> +2001
> +From: Peter Marko <peter.marko at siemens.com>
> +Date: Thu, 13 Apr 2017 23:09:52 +0200
> +Subject: [PATCH] Fix freeing memory allocated by sqlite
> +
> +Upstream-Status: Backport
> +Signed-off-by: Peter Marko <peter.marko at siemens.com>
> +---
> + src/core.c | 8 ++++----
> + 1 file changed, 4 insertions(+), 4 deletions(-)
> +
> +diff --git a/src/core.c b/src/core.c
> +index 6263031..6788f16 100644
> +--- a/src/core.c
> ++++ b/src/core.c
> +@@ -82,7 +82,7 @@ static bool ensure_table(CveDB *self)
> + rc = sqlite3_exec(self->db, query, NULL, NULL, &err);
> + if (rc != SQLITE_OK) {
> + fprintf(stderr, "ensure_table(): %s\n", err);
> +- free(err);
> ++ sqlite3_free(err);
> + return false;
> + }
> +
> +@@ -91,7 +91,7 @@ static bool ensure_table(CveDB *self)
> + rc = sqlite3_exec(self->db, query, NULL, NULL, &err);
> + if (rc != SQLITE_OK) {
> + fprintf(stderr, "ensure_table(): %s\n", err);
> +- free(err);
> ++ sqlite3_free(err);
> + return false;
> + }
> +
> +@@ -99,11 +99,11 @@ static bool ensure_table(CveDB *self)
> + rc = sqlite3_exec(self->db, query, NULL, NULL, &err);
> + if (rc != SQLITE_OK) {
> + fprintf(stderr, "ensure_table(): %s\n", err);
> +- free(err);
> ++ sqlite3_free(err);
> + return false;
> + }
> + if (err) {
> +- free(err);
> ++ sqlite3_free(err);
> + }
> +
> + return true;
> +--
> +2.1.4
> +
> --
> 2.1.4
>
More information about the Openembedded-core
mailing list