Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[pull] master from MidnightCommander:master #81

Merged
merged 5 commits into from
Dec 21, 2024
Merged

[pull] master from MidnightCommander:master #81

merged 5 commits into from
Dec 21, 2024

Conversation

pull[bot]
Copy link

@pull pull bot commented Dec 21, 2024
edited
Loading

See Commits and Changes for more details.

Created by pull[bot] (v2.0.0-alpha.1)

Can you help keep this open source service alive? 💖 Please sponsor : )

aborodin and others added 5 commits December 21, 2024 10:24
@aborodin
Ticket #4616: (tar_read_header): fix double free.
152362b 
When tar data block unexpected end then header_copy get freed but
"goto ret:" freed header_copy again.

Do not free header_copy at exit from the loop of reading tar blocks.

Found by Clang-19 Static Analyzer.

The bug was introduced in 8223f82.

Reported-by: Andreas Mohr <[email protected]>
Signed-off-by: Andrew Borodin <[email protected]>
@aborodin
Merge branch '4616_tar_double_free'
0df9c46 
* 4616_tar_double_free:
  Ticket #4616: (tar_read_header): fix double free.
@aborodin
Ticket #4620: (sftpfs_fill_connection_data_from_config): fix use-afte…
d0d8ae9 
…r-free.

Fix Use-after-free in sftpfs_fill_connection_data_from_config()

Found by Clang-19 Static Analyzer

The bug was introduced in 4c998ac.

Reported-by: Andreas Mohr <[email protected]>
Signed-off-by: Andrew Borodin <[email protected]>
@aborodin
Ticket #5621: (add_new_entry_cmd): fix Use-after-free.
47761ff 
src/filemanager/hotlist.c:1046:26: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc]
 1046 |     if (title == NULL || *title == '\0' || url == NULL || *url == '\0')
      |                          ^~~~~~

 - distinct def_text and title/url
 - simplify and move quick_dialog return evaluation in same function add_new_entry_cmd()

Found by Clang-19 Static Analyzer.

Signed-off-by: Andreas Mohr <[email protected]>
Signed-off-by: Andrew Borodin <[email protected]>
@aborodin
Merge branch '4620_use_after_free'
c4af7f0 
* 4620_use_after_free:
  Ticket #5621: (add_new_entry_cmd): fix Use-after-free.
  Ticket #4620: (sftpfs_fill_connection_data_from_config): fix use-after-free.
@pull pull bot added the ⤵️ pull label Dec 21, 2024
@pull pull bot merged commit c4af7f0 into TomfromBerlin:master Dec 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
⤵️ pull
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@aborodin