3party/protobuf-c
0
0
Fork 0
mirror of https://github.com/protobuf-c/protobuf-c.git synced 2024-12-28 06:10:53 +08:00
Code Issues Projects Releases Wiki Activity

Fix memory corruption by initlizalizing pointer

Browse Source 
A memory corruption in protobuf_c_message_free_unpacked happens at the
following line:

        if (message->unknown_fields != NULL)
                do_free(allocator, message->unknown_fields);

The do_free will free ->unknown_fields. This is may be wrong, because
protobuf_c_message_unpack uses malloc as the default allocator, allocates
rv with malloc. At the end, however, ->unknown_fields is only initialized
if there are some. That means if there are no such fields ->unknown_fields
is an uninitialized pointer.

The patch initializes the pointer to NULL to ensure the check before free
is performed on initialized memory in case there is no unknown_field.

This fixes https://github.com/protobuf-c/protobuf-c/issues/690

Signed-off-by: Stephan Mueller <smueller@chronox.de>
This commit is contained in:
Stephan Mueller 2024-01-21 11:04:34 +01:00
parent 8c201f6e47
commit 55c8b0dc68
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
protobuf-c/protobuf-c.c
View File

@ -3278,6 +3278,8 @@ protobuf_c_message_unpack(const ProtobufCMessageDescriptor *desc,
n_unknown * sizeof(ProtobufCMessageUnknownField));
if (rv->unknown_fields == NULL)
goto error_cleanup;
} else {
rv->unknown_fields = NULL;
}
/* do real parsing */