810c0eecf1
A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
27 lines
814 B
Diff
27 lines
814 B
Diff
From c75b9281a5b9452d92e1682bdfe6019a13ed819f Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Albin=20Eldst=C3=A5l-Ahrens?= <laeder.keps@gmail.com>
|
|
Date: Mon, 3 Jan 2022 12:34:41 +0100
|
|
Subject: [PATCH] Remove double free() in contrib/shpsrt, issue #39
|
|
|
|
This fixes issue #39
|
|
|
|
[Retrieved from:
|
|
https://github.com/OSGeo/shapelib/commit/c75b9281a5b9452d92e1682bdfe6019a13ed819f]
|
|
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
|
---
|
|
contrib/shpsort.c | 1 -
|
|
1 file changed, 1 deletion(-)
|
|
|
|
diff --git a/contrib/shpsort.c b/contrib/shpsort.c
|
|
index e21e9e0..920cd8c 100644
|
|
--- a/contrib/shpsort.c
|
|
+++ b/contrib/shpsort.c
|
|
@@ -113,7 +113,6 @@ static char ** split(const char *arg, const char *delim) {
|
|
free(result[--i]);
|
|
}
|
|
free(result);
|
|
- free(copy);
|
|
return NULL;
|
|
}
|
|
result = tmp;
|