    libnm-core: fix invalid memory access · 3fa39f61
    Beniamino Galvani authored
    When we delete the runner.name property, the runner object itself gets
    deleted if that was the only property, and @runner becomes invalid.
    
     ==13818== Invalid read of size 1
     ==13818==    at 0x55EAF4: nm_streq (nm-macros-internal.h:869)
     ==13818==    by 0x55EAF4: _json_team_normalize_defaults (nm-utils.c:5573)
     ==13818==    by 0x566C89: _nm_utils_team_config_set (nm-utils.c:6057)
     ==13818==    by 0x5498A6: _nm_utils_json_append_gvalue (nm-utils-private.h:228)
     ==13818==    by 0x5498A6: set_property (nm-setting-team.c:1622)
     ==13818==  Address 0x182a9330 is 0 bytes inside a block of size 13 free'd
     ==13818==    at 0x4839A0C: free (vg_replace_malloc.c:530)
     ==13818==    by 0x4857868: json_delete_string (value.c:763)
     ==13818==    by 0x4857868: json_delete (value.c:975)
     ==13818==    by 0x4851FA1: UnknownInlinedFun (jansson.h:129)
     ==13818==    by 0x4851FA1: hashtable_do_del (hashtable.c:131)
     ==13818==    by 0x4851FA1: hashtable_del (hashtable.c:289)
     ==13818==    by 0x55DFDD: _json_del_object (nm-utils.c:5384)
     ==13818==    by 0x55EA70: _json_delete_object_on_string_match (nm-utils.c:5532)
     ==13818==    by 0x55EADB: _json_team_normalize_defaults (nm-utils.c:5549)
     ==13818==    by 0x566C89: _nm_utils_team_config_set (nm-utils.c:6057)
     ==13818==    by 0x5498A6: _nm_utils_json_append_gvalue (nm-utils-private.h:228)
     ==13818==    by 0x5498A6: set_property (nm-setting-team.c:1622)
     ==13818==  Block was alloc'd at
     ==13818==    at 0x483880B: malloc (vg_replace_malloc.c:299)
     ==13818==    by 0x4852E8C: lex_scan_string (load.c:389)
     ==13818==    by 0x4852E8C: lex_scan (load.c:620)
     ==13818==    by 0x4853458: parse_object (load.c:738)
     ==13818==    by 0x4853458: parse_value (load.c:862)
     ==13818==    by 0x4853466: parse_object (load.c:739)
     ==13818==    by 0x4853466: parse_value (load.c:862)
     ==13818==    by 0x4853655: parse_json.constprop.7 (load.c:899)
     ==13818==    by 0x48537CF: json_loads (load.c:959)
     ==13818==    by 0x566780: _nm_utils_team_config_set (nm-utils.c:5961)
     ==13818==    by 0x5498A6: _nm_utils_json_append_gvalue (nm-utils-private.h:228)
     ==13818==    by 0x5498A6: set_property (nm-setting-team.c:1622)
    
    Fixes: a5642fd9 ('libnm-core: team: rework defaults management on runner properties')
    (cherry picked from commit 80a3031a)
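The ordering problem described in the commit message, as an added example that is not NetworkManager's code or its actual fix: a borrowed string pointer is read after a delete that frees both the string and its now-empty parent. The `config`/`runner` structs stand in for the JSON tree, and every function name and runner name value here is constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the JSON tree: config -> runner -> name. */
struct runner { char *name; };            /* name is owned by the runner   */
struct config { struct runner *runner; }; /* runner is owned by the config */

/* Delete runner.name if it equals def; the then-empty runner is freed too. */
void del_name_if_match(struct config *c, const char *def)
{
    if (c->runner && strcmp(c->runner->name, def) == 0) {
        free(c->runner->name);
        free(c->runner);
        c->runner = NULL;
    }
}

/* Unsafe ordering (contrast only, never called): read follows the delete. */
int normalize_unsafe(struct config *c, const char *def)
{
    const char *runner = c->runner ? c->runner->name : NULL; /* borrowed */
    del_name_if_match(c, def);                 /* may free the string    */
    return runner && strcmp(runner, def) == 0; /* read of freed memory   */
}

/* Safe ordering: finish every read of the borrowed string, then delete. */
int normalize_safe(struct config *c, const char *def)
{
    int is_default = c->runner && strcmp(c->runner->name, def) == 0;
    del_name_if_match(c, def);
    return is_default;
}

/* Build a config with a constructed runner name, normalize, report state. */
int demo(const char *name, const char *def, int *runner_left)
{
    struct config c = { malloc(sizeof(struct runner)) };
    c.runner->name = strcpy(malloc(strlen(name) + 1), name);
    int r = normalize_safe(&c, def);
    *runner_left = c.runner != NULL;
    if (c.runner) { free(c.runner->name); free(c.runner); }
    return r;
}

int main(void)
{
    int left;
    return !(demo("roundrobin", "roundrobin", &left) == 1 && left == 0);
}
```

Building with `-fsanitize=address` and calling `normalize_unsafe` with a matching name reports the same class of error as the Valgrind trace above: a read inside a block that was already freed.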