diff options
| -rw-r--r-- | ChangeLog | 7 | ||||
| -rw-r--r-- | grammar/rainerscript.c | 2 |
2 files changed, 8 insertions, 1 deletions
@@ -1,3 +1,10 @@ +- bugfix: potential segfault due to invalid param handling in comparisons + This could happen in RainerScript comparisons (like contains); in some + cases an unitialized variable was accessed, which could lead to an + invalid free and in turn to a segfault. + Closes: http://bugzilla.adiscon.com/show_bug.cgi?id=372 + Thanks to Georgi Georgiev for reporting this bug and his great help + in solving it. ---------------------------------------------------------------------------- Version 7.2.2 [v7-stable] 2012-10-?? - enabled to build without libuuid, at loss of uuid functionality diff --git a/grammar/rainerscript.c b/grammar/rainerscript.c index 36254632..a752e517 100644 --- a/grammar/rainerscript.c +++ b/grammar/rainerscript.c @@ -1230,7 +1230,7 @@ evalStrArrayCmp(es_str_t *estr_l, struct cnfarray* ar, int cmpop) #define FREE_TWO_STRINGS \ if(bMustFree) es_deleteStr(estr_r); \ - if(expr->r->nodetype != 'A' && r.datatype == 'S') es_deleteStr(r.d.estr); \ + if(expr->r->nodetype != 'S' && expr->r->nodetype != 'A' && r.datatype == 'S') es_deleteStr(r.d.estr); \ if(bMustFree2) es_deleteStr(estr_l); \ if(l.datatype == 'S') es_deleteStr(l.d.estr) |