From 478af5d1c869f16e7e72bb49e8b7919e642f0b38 Mon Sep 17 00:00:00 2001 From: Allan McRae Date: Mon, 18 Mar 2024 11:08:14 +1000 Subject: [PATCH] Fix read-after-free issue parsing config files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We were indirectly adjusting a pointer to a parameter that was declared as a const. This resulted in a use-after-free when using --debug: [11:09:18] debug: config: finished parsing ��A�8_ Signed-off-by: Allan McRae --- src/pacman/conf.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/pacman/conf.c b/src/pacman/conf.c index 207ebf7a..7318ad54 100644 --- a/src/pacman/conf.c +++ b/src/pacman/conf.c @@ -1375,13 +1375,13 @@ int parseconfigfile(const char *file) { struct section_t section = {0}; char *realfile; + int ret; if((realfile = prepend_dir(config->sysroot, file)) == NULL) { return -1; } - pm_printf(ALPM_LOG_DEBUG, "config: attempting to read file %s\n", realfile); - free(config->configfile); - config->configfile = realfile; - return parse_ini(realfile, _parse_directive, §ion); + ret = parse_ini(realfile, _parse_directive, §ion); + free(realfile); + return ret; } /** Parse a configuration file.