Bug 609628

Summary: Fix shadow property use-after-free
Product: Red Hat Enterprise Linux 6 Reporter: Dan Williams <dcbw>
Component: dbus-glibAssignee: Colin Walters <walters>
Status: CLOSED CURRENTRELEASE QA Contact: desktop-bugs <desktop-bugs>
Severity: medium Docs Contact:
Priority: low    
Version: 6.0CC: cmeadors
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: dbus-glib-0.86-5.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-11-15 13:54:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dan Williams 2010-06-30 17:08:00 UTC
https://bugs.freedesktop.org/show_bug.cgi?id=28835

While we don't have anything in RHEL6 that uses shadow properties in dbus-glib, we may in the near future and the fix is very low-risk.  This shows up when using a mix of shadow properties and normal properties as either a crash in the program using dbus-glib, or it's easily seen in Valgrind as a use-after-free in lookup_property_name().

Comment 1 RHEL Program Management 2010-06-30 17:23:12 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for
inclusion.

Comment 2 Colin Walters 2010-07-09 17:30:32 UTC
This is an obvious fix that is in upstream dbus-glib now:

http://cgit.freedesktop.org/dbus/dbus-glib/commit/?id=7f054d7bce4b2ea74e5268f2cf65c467773ee14f

Marking as devel_ack+

Comment 6 releng-rhel@redhat.com 2010-11-15 13:54:24 UTC
Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.