Description of problem: The function ss_execute_line in execute_cmd.c contains the following code: /* parse it */ argv = ss_parse(sci_idx, line_ptr, &argc); if (argc == 0) return 0; Potentially we need to free argv before early return since it was allocated memory. We need to be careful and check argv since it may be possible for ss_parse() to have freed the memory allocated to it if it detects an unbalanced set of quotes passed to it. Version-Release number of selected component (if applicable): e2fsprogs-1.35-12.4.EL4 How reproducible: Not sure. Steps to Reproduce: Also tricky to reproduce this one. I'm not familiar with ss's internals to come up with a test case that will clearly show this problem, but again the flaw is fairly obvious. Actual results: ss_execute_line may fail to free resources allocated by it. Expected results: ss_execute_line correctly frees resources allocated by it.
Created attachment 148070 [details] Correct freeing of argv in ss_execute_line
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
upstream commit http://thunk.org/hg/e2fsprogs/?rev/68907ddfca40
Applying a DEV_ACK for Eric Sandeen <sandeen>. This bug was found by coverity and has a patch available.
In cvs as of e2fsprogs-1.35-12.7.el4
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2007-0758.html