1 files changed, 49 insertions, 0 deletions

diff --git a/recipes-core/swupd-server/swupd-server-2.53/0005-xattrs.c-Avoid-freeing-dangling-pointers.patch b/recipes-core/swupd-server/swupd-server-2.53/0005-xattrs.c-Avoid-freeing-dangling-pointers.patch
new file mode 100644
index 0000000..0706862
--- /dev/null
+++ b/recipes-core/swupd-server/swupd-server-2.53/0005-xattrs.c-Avoid-freeing-dangling-pointers.patch
@@ -0,0 +1,49 @@
+From 5a061a5d332e11fa55ea2ecd68554e77c2bbc36e Mon Sep 17 00:00:00 2001
+From: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
+Date: Mon, 14 Mar 2016 16:44:00 +0200
+Subject: [PATCH] xattrs.c: Avoid freeing dangling pointers
+
+It may happen that in a new version of a file xattrs
+get added or removed. In this case one of the xattr
+strings points to the bogus 0xdeadcafe address.
+In order to avoid freeing the dangling pointer check
+the length of the xattr string.
+
+Upstream-Status: Backport [v2.54+]
+
+Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
+---
+ src/xattrs.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/src/xattrs.c b/src/xattrs.c
+index bf7256c..16905bd 100644
+--- a/src/xattrs.c
++++ b/src/xattrs.c
+@@ -242,8 +242,8 @@ int xattrs_compare(const char *filename1, const char *filename2)
+ {
+ 	char *new_xattrs;
+ 	char *old_xattrs;
+-	size_t new_xattrs_len;
+-	size_t old_xattrs_len;
++	size_t new_xattrs_len = 0;
++	size_t old_xattrs_len = 0;
+ 	int ret = 0;
+ 
+ 	xattrs_get_blob(filename1, &old_xattrs, &old_xattrs_len);
+@@ -258,8 +258,10 @@ int xattrs_compare(const char *filename1, const char *filename2)
+ 		ret = -1;
+ 	}
+ 
+-	free(old_xattrs);
+-	free(new_xattrs);
++	if (old_xattrs_len)
++		free(old_xattrs);
++	if (new_xattrs_len)
++		free(new_xattrs);
+ 
+ 	return ret;
+ }
+-- 
+2.5.0
+