Description of problem:
The function ss_execute_line in execute_cmd.c contains the following code:
/* parse it */
argv = ss_parse(sci_idx, line_ptr, &argc);
if (argc == 0)
Potentially we need to free argv before early return since it was allocated
memory. We need to be careful and check argv since it may be possible for
ss_parse() to have freed the memory allocated to it if it detects an unbalanced
set of quotes passed to it.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Also tricky to reproduce this one. I'm not familiar with ss's internals to come
up with a test case that will clearly show this problem, but again the flaw is
ss_execute_line may fail to free resources allocated by it.
ss_execute_line correctly frees resources allocated by it.
Created attachment 148070 [details]
Correct freeing of argv in ss_execute_line
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release. Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products. This request is not yet committed for inclusion in an Update
upstream commit http://thunk.org/hg/e2fsprogs/?rev/68907ddfca40
Applying a DEV_ACK for Eric Sandeen <firstname.lastname@example.org>. This bug
was found by coverity and has a patch available.
In cvs as of e2fsprogs-1.35-12.7.el4
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.