From d5fbb8baf0474378c863739d8ecb0213218d6b77 Mon Sep 17 00:00:00 2001 From: David Oberhollenzer Date: Mon, 1 Jul 2019 10:51:50 +0200 Subject: Fix double free in GNU tar sparse file parser The intention was to free the temporary object in addition to the list. Since the temp pointer is also used for iterating the list, this resulted in a double free instead of the intended. This commit fixes the double free by replacing the recycled variable based list free with the helper function intended to do this. Bug found using scan-build. Signed-off-by: David Oberhollenzer --- lib/tar/read_header.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/lib/tar/read_header.c b/lib/tar/read_header.c index 95d7d0c..de6f0cd 100644 --- a/lib/tar/read_header.c +++ b/lib/tar/read_header.c @@ -203,11 +203,7 @@ fail_format: fputs("malformed GNU pax sparse file record\n", stderr); goto fail; fail: - while (list != NULL) { - ent = list; - list = list->next; - free(ent); - } + free_sparse_list(list); free(ent); return NULL; } -- cgit v1.2.3