Mercurial > hg

changeset 30830:08fa3a76a080

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
zstd: prevent potential free() of uninitialized memory This is a cherry pick of an upstream fix. The free() of uninitialed memory could likely only occur if a malloc() inside zstd fails. The patched functions aren't currently used by Mercurial. But I don't like leaving footguns sitting around.
author Gregory Szorc <gregory.szorc@gmail.com>
date Tue, 17 Jan 2017 10:17:13 -0800
parents 08b34c3a6f74
children 9f264adbe75b
files contrib/python-zstandard/c-ext/compressor.c contrib/python-zstandard/c-ext/decompressor.c
diffstat 2 files changed, 6 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/contrib/python-zstandard/c-ext/compressor.c	Tue Jan 17 11:25:02 2017 -0800
+++ b/contrib/python-zstandard/c-ext/compressor.c	Tue Jan 17 10:17:13 2017 -0800
@@ -258,6 +258,9 @@
 		return NULL;
 	}
 
+	/* Prevent free on uninitialized memory in finally. */
+	output.dst = NULL;
+
 	cstream = CStream_from_ZstdCompressor(self, sourceSize);
 	if (!cstream) {
 		res = NULL;
--- a/contrib/python-zstandard/c-ext/decompressor.c	Tue Jan 17 11:25:02 2017 -0800
+++ b/contrib/python-zstandard/c-ext/decompressor.c	Tue Jan 17 10:17:13 2017 -0800
@@ -165,6 +165,9 @@
 		return NULL;
 	}
 
+	/* Prevent free on uninitialized memory in finally. */
+	output.dst = NULL;
+
 	dstream = DStream_from_ZstdDecompressor(self);
 	if (!dstream) {
 		res = NULL;