Package: libulfius2.7
Version: 2.7.6-1
Severity: important
Tags: patch upstream
X-Debbugs-Cc: Nicolas Mora <git...@babelouest.org>

Ulfius has the capability of applications registering their own memory allocation functions using o_set_alloc_funcs(), as described in API.md at https://github.com/babelouest/ulfius/blob/master/API.md#memory-management

Applications such as osmo-remsim make use of this feature to introduce libtalloc as a tool to help locating memory leaks.

However, from 2.6.0 up to 2.7.6 and current master, ulfius introduced a bug which renders this feature unusable: Some new code started to bypass the application-provided malloc-function but directly call libc-malloc while passing that libc-malloc-allocated memory to the application-provided free-function.

As every memory allocator expects to receive only memory it has allocated to its free-function, this immediately crashes every application with custom allocator functions.

The upstream bug report is at https://github.com/babelouest/ulfius/issues/206
The upstream pull request is at https://github.com/babelouest/ulfius/pull/207

Debian will need to patch/update the ulfius packages for bullseye + sid.

Debian buster is not affected, as it still ships ulfius 2.5.x which is prior to introducing the bug.

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.14.0-4-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_DIE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libulfius2.7 depends on:
ii  libc6            2.32-5
ii  libcurl3-gnutls  7.79.1-2
ii  libgnutls30      3.7.2-2
ii  libjansson4      2.13.1-1.1
ii  libmicrohttpd12  0.9.73-4
ii  liborcania2.2    2.2.1-1+b1
ii  libyder2.0       1.4.14-1
ii  zlib1g           1:1.2.11.dfsg-2

libulfius2.7 recommends no packages.

libulfius2.7 suggests no packages.

-- no debconf information

>From a2951c32475a79fccfaa06b7c3c36297c6f6cf5b Mon Sep 17 00:00:00 2001 From: Harald Welte <lafo...@osmocom.org> Date: Wed, 8 Dec 2021 16:57:12 +0100 Subject: [PATCH] u_request: Don't use malloc, but always o_malloc Allocating memory using malloc, but then free'ing it using o_free will not work for anyone using a custom memory allocator. The allocations and free's must either both go to libc, or both via the custom allocator; one cannot allocate one way and release another. Closes: #206 --- src/u_request.c | 2 +- src/ulfius.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/u_request.c b/src/u_request.c index 385572b..8203c5e 100644 --- a/src/u_request.c +++ b/src/u_request.c @@ -143,7 +143,7 @@ static char from_hex(char ch) { */ static char * url_decode(const char * str) { if (str != NULL) { - char * pstr = (char*)str, * buf = malloc(strlen(str) + 1), * pbuf = buf; + char * pstr = (char*)str, * buf = o_malloc(strlen(str) + 1), * pbuf = buf; while (* pstr) { if (* pstr == '%') { if (pstr[1] && pstr[2]) { diff --git a/src/ulfius.c b/src/ulfius.c index 0d7da36..8a0caa6 100644 --- a/src/ulfius.c +++ b/src/ulfius.c @@ -1842,7 +1842,7 @@ static char to_hex(char code) { char * ulfius_url_encode(const char * str) { char * pstr = (char*)str, * buf = NULL, * pbuf = NULL; if (str != NULL) { - buf = malloc(strlen(str) * 3 + 1); + buf = o_malloc(strlen(str) * 3 + 1); if (buf != NULL) { pbuf = buf; while (* pstr) { @@ -1876,7 +1876,7 @@ char * ulfius_url_encode(const char * str) { char * ulfius_url_decode(const char * str) { char * pstr = (char*)str, * buf = NULL, * pbuf = NULL; if (str != NULL) { - buf = malloc(strlen(str) + 1); + buf = o_malloc(strlen(str) + 1); if (buf != NULL) { pbuf = buf; while (* pstr) { -- 2.34.1
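
Review bot: in the src/u_request.c hunk, url_decode() goes from the o_malloc() call directly into the while (* pstr) loop with no buf != NULL check visible in between, whereas both src/ulfius.c hunks guard the same pattern with if (buf != NULL). A registered allocator can return NULL like libc can, so the same guard should be added here, with the declaration split so that pbuf is only assigned after the check.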
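
Review bot: in the two src/ulfius.c hunks, ulfius_url_encode() and ulfius_url_decode() are declared as returning char *, and the buffer they fill now comes from o_malloc(), so any caller that receives it has to release it through the registered allocator and not with libc free(). The function comments are not part of the visible context; it is worth confirming that they and API.md name the matching free function, otherwise applications with a custom allocator can hit the reverse mismatch on their side.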
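
The allocator mismatch described in the report, as an added example that is not code from Ulfius, Orcania or the reporter: a small tracking allocator that counts frees of blocks it never handed out, usable as a regression check for this class of bug. The names track_malloc, track_free, live_count and mismatches are hypothetical stand-ins for what an application would register with o_set_alloc_funcs(), and the sample string is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical tracking allocator, standing in for the functions an
 * application would register with o_set_alloc_funcs(). */
#define MAX_LIVE 64
static void *live[MAX_LIVE];   /* blocks handed out by track_malloc() */
static int foreign_frees;      /* frees of blocks we never handed out */

static void *track_malloc(size_t n) {
  void *p = malloc(n);
  for (int i = 0; p != NULL && i < MAX_LIVE; i++)
    if (live[i] == NULL) { live[i] = p; return p; }
  free(p);                     /* malloc failed or table full */
  return NULL;
}

static void track_free(void *p) {
  if (p == NULL) return;
  for (int i = 0; i < MAX_LIVE; i++)
    if (live[i] == p) { live[i] = NULL; free(p); return; }
  foreign_frees++;             /* a pool allocator would corrupt its state or abort here */
}

/* Number of tracked blocks not yet freed (leak check). */
int live_count(void) {
  int n = 0;
  for (int i = 0; i < MAX_LIVE; i++) n += (live[i] != NULL);
  return n;
}

/* Allocate a string copy with `alloc`, release it through the custom free
 * function, and return how many foreign frees that caused. */
int mismatches(void *(*alloc)(size_t)) {
  const char *sample = "a%20b";            /* constructed input */
  char *buf = alloc(strlen(sample) + 1);
  foreign_frees = 0;
  if (buf != NULL) strcpy(buf, sample);
  track_free(buf);
  if (foreign_frees > 0) free(buf);        /* it was libc memory after all */
  return foreign_frees;
}

int main(void) {
  printf("libc malloc + custom free:   %d foreign free(s)\n", mismatches(malloc));
  printf("custom malloc + custom free: %d foreign free(s)\n", mismatches(track_malloc));
  return live_count();
}
```

The first call models the pre-patch pairing (libc malloc, custom free) and the second the patched pairing, where both sides go through the same allocator.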