mirror
/
sane-project-backends
kopia lustrzana https://gitlab.com/sane-project/backends
1
0
Forkuj 0
Kod Zgłoszenia Projekty Wydania Wiki Aktywność

gt68xx: fix use-after-free and two mem leaks 

The config file argument needs to be freed when a device is not set.
That was missed for two occasions. The other occasion was freeing it
unconditionally leading to a use-after-free for the regular use case.

Fixes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980311

This is the least intrusive fix. The code really wants to be refactored.
Tested with a Mustek 1200 UB Plus.
release-1.1.x
Wolfram Sang 2021-06-10 11:32:04 +02:00
rodzic a78abbbdba
commit 63942f7a74
1 zmienionych plików z 15 dodań i 7 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

22
backend/gt68xx.c
Wyświetl plik

@ -1174,8 +1174,11 @@ static SANE_Status probe_gt68xx_devices(void)
new_dev[i]->model->firmware_name);
}
if (i == 0)
DBG (5, "sane_init: firmware %s can't be loaded, set device "
"first\n", word);
{
DBG (5, "sane_init: firmware %s can't be loaded, set device "
"first\n", word);
free (word);
}
}
else
{
@ -1198,8 +1201,11 @@ static SANE_Status probe_gt68xx_devices(void)
new_dev[i]->model->name, new_dev[i]->model->vendor);
}
if (i == 0)
DBG (5, "sane_init: can't set vendor name %s, set device "
"first\n", word);
{
DBG (5, "sane_init: can't set vendor name %s, set device "
"first\n", word);
free (word);
}
}
else
{
@ -1221,9 +1227,11 @@ static SANE_Status probe_gt68xx_devices(void)
new_dev[i]->model->name, new_dev[i]->model->model);
}
if (i == 0)
DBG (5, "sane_init: can't set model name %s, set device "
"first\n", word);
free (word);
{
DBG (5, "sane_init: can't set model name %s, set device "
"first\n", word);
free (word);
}
}
else
{