diff -Nru whoopsie-0.2.72/debian/changelog whoopsie-0.2.73~test1/debian/changelog --- whoopsie-0.2.72/debian/changelog 2020-09-21 13:07:53.000000000 -0400 +++ whoopsie-0.2.73~test1/debian/changelog 2020-10-26 14:40:14.000000000 -0400 @@ -1,3 +1,12 @@ +whoopsie (0.2.73~test1) groovy; urgency=medium + + * Attempt to fix double free issue (LP: #1899100) + - src/whoopsie.c: reject duplicate keys, re-order certain operations. + - src/tests/data/crash/invalid_key_duplicate, + src/tests/test_parse_report.c: added test for duplicate keys. + + -- Marc Deslauriers Mon, 26 Oct 2020 14:40:14 -0400 + whoopsie (0.2.72) groovy; urgency=medium * src/whoopsie.c: Do not upload AlsaInfo as it is redundant now that PaInfo diff -Nru whoopsie-0.2.72/src/tests/data/crash/invalid_key_duplicate whoopsie-0.2.73~test1/src/tests/data/crash/invalid_key_duplicate --- whoopsie-0.2.72/src/tests/data/crash/invalid_key_duplicate 1969-12-31 19:00:00.000000000 -0500 +++ whoopsie-0.2.73~test1/src/tests/data/crash/invalid_key_duplicate 2020-10-26 14:40:14.000000000 -0400 @@ -0,0 +1,13 @@ +ProblemType: Crash +Architecture: amd64 +Architecture: i386 +Date: Thu Feb 2 17:09:31 2012 +ProcEnviron: + LANGUAGE=en_US:en + LC_CTYPE=en_US.UTF-8 + LC_COLLATE=en_US.UTF-8 + PATH=(custom, user) + LANG=en_US.UTF-8 + LC_MESSAGES=en_US.UTF-8 + SHELL=/bin/bash +Uname: Linux 3.2.0-12-generic x86_64 diff -Nru whoopsie-0.2.72/src/tests/test_parse_report.c whoopsie-0.2.73~test1/src/tests/test_parse_report.c --- whoopsie-0.2.72/src/tests/test_parse_report.c 2020-08-05 17:53:01.000000000 -0400 +++ whoopsie-0.2.73~test1/src/tests/test_parse_report.c 2020-10-26 14:40:14.000000000 -0400 @@ -449,6 +449,9 @@ const char* empty_line_data[] = { TEST_DIR "/data/crash/invalid_value", "Report key must have a value." }; + const char* duplicate_key_data[] = { + TEST_DIR "/data/crash/invalid_key_duplicate", + "Report key must not be a duplicate." }; g_test_add_data_func ("/whoopsie/invalid_symlink", symlink_data, test_report_expect_error); 
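Review bot: The new `duplicate_key_data` case covers only a single-line key repeated on the very next line, because the fixture `invalid_key_duplicate` repeats `Architecture` back to back. A second fixture that repeats a multi-line key such as `ProcEnviron`, or repeats a key after other keys have been parsed, would also pin the continuation-line path in `src/whoopsie.c` that this upload reorders. `test_report_expect_error` appears to compare only the error string, so a regression of the double free would likely be caught only when the suite runs under AddressSanitizer or valgrind. The registration of this case is in the next hunk of the same file.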
@@ -466,6 +469,8 @@ no_spaces_data, test_report_expect_error); g_test_add_data_func ("/whoopsie/empty-line", empty_line_data, test_report_expect_error); + g_test_add_data_func ("/whoopsie/duplicate_key", + duplicate_key_data, test_report_expect_error); /* Run this last, so as to not mess with other tests. */ g_test_add_func ("/whoopsie/drop-privileges", test_drop_privileges); diff -Nru whoopsie-0.2.72/src/whoopsie.c whoopsie-0.2.73~test1/src/whoopsie.c --- whoopsie-0.2.72/src/whoopsie.c 2020-09-21 13:06:16.000000000 -0400 +++ whoopsie-0.2.73~test1/src/whoopsie.c 2020-10-26 14:40:14.000000000 -0400 @@ -481,19 +481,19 @@ 0, "Report value too long."); goto error; } + g_hash_table_steal (hash_table, key); value = g_realloc (value, value_pos + 1 + value_length + 1); value_p = value + value_pos; *value_p = '\n'; value_p++; - g_hash_table_steal (hash_table, key); } else { - value = g_realloc (value, value_length + 1); - value_p = value; /* Make sure we properly free the old empty string value */ old_value = g_hash_table_lookup (hash_table, key); if (old_value) g_free (old_value); g_hash_table_steal (hash_table, key); + value = g_realloc (value, value_length + 1); + value_p = value; } memcpy (value_p, p, value_length); value_p[value_length] = '\0'; @@ -502,6 +502,12 @@ if (*c != '\t' && *c >= '\0' && *c < ' ') *c = '?'; value_p += value_length; + if (g_hash_table_contains (hash_table, key) == TRUE) { + g_set_error (error, + g_quark_from_static_string ("whoopsie-quark"), + 0, "Report key must not be a duplicate."); + goto error; + } g_hash_table_insert (hash_table, key, value ? value : g_strdup("")); p = token_p + 1; } else { @@ -572,6 +578,12 @@ } p = token_p + 1; + if (g_hash_table_contains (hash_table, key) == TRUE) { + g_set_error (error, + g_quark_from_static_string ("whoopsie-quark"), + 0, "Report key must not be a duplicate."); + goto error; + } g_hash_table_insert (hash_table, key, value ? value : g_strdup("")); } }
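Review bot: The reordering in both branches carries no comment saying why `g_hash_table_steal` now has to run before `g_realloc`, so a later cleanup could easily move it back. A short comment above the steal in the `if (value)` branch would record the ownership rule, for example `/* Detach key and value from the table before g_realloc: the table must not keep a value pointer that realloc may have freed. */`. The same reminder fits above the steal in the `else` branch, next to the existing comment about the old empty string. The enclosing function starts and ends outside this hunk.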
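Review bot: The duplicate check added before `g_hash_table_insert` in this continuation-line branch looks unreachable, because both arms of the preceding `if (value)` / `else` in the hunk above call `g_hash_table_steal (hash_table, key)` and nothing visible re-inserts the key in between (the two lines between the hunks are not shown). If that holds, the rejection that matters is the identical check in the last hunk, and this copy could be dropped or replaced by a comment saying so. If it is kept, `key` and `value` have just been stolen from the table at this point, so the `error` label, which is outside the hunk, would have to free both. As a style point, a `gboolean` is normally tested directly, `if (g_hash_table_contains (hash_table, key)) {`, rather than compared with `TRUE`; the same applies in the last hunk.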
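Review bot: On the new `goto error` path the rejected `key` has not been handed to the hash table yet, so the table's destroy functions will not release it. Unless the `error` label (outside this hunk) frees `key` and any pending `value`, each report with a repeated key leaks that allocation; adding `g_free (key); key = NULL;` before the `goto error` closes this and stays safe even if the label frees `key` as well. A one-line comment above the check would also help, for example `/* g_hash_table_insert frees the passed key when it already exists, leaving this pointer dangling. */`, assuming the table was created with a key destroy function (its creation is not visible here). The enclosing function continues past the end of the hunk.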