View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0007926 | ardour | bugs | public | 2020-03-11 14:11 | 2020-05-10 14:11 |
| Reporter | arya lee | Assigned To | paul | ||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | ||
| Summary | 0007926: use after free: issue when using libxml2 API 'xmlFreeDoc' and 'xmlXPathFreeContext' | ||||
| Description | I find a 'use after free' vulnerability when I read ardour' source code at Github. This issue lies in 774 line, 782 line of ardour/libs/pbd/xml++.cc. After releasing the 'ctxt' structure using 'xmlXPathFreeContext', the next line try to free 'ctxt->doc'. I haven't done an experiment to verify it yet, but I think it's a problem. PS, xmlXPathFreeContext, xmlFreeDoc are APIs of libxml2. | ||||
| Tags | No tags attached. | ||||
|
|
This code originally came from libxml++. It does indeed look like an error. Fixed in 96daa4036a42 |
|
|
Issue has been closed automatically, by Trigger Close Plugin. Feel free to re-open with additional information if you think the issue is not resolved. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2020-03-11 14:11 | arya lee | New Issue | |
| 2020-03-11 14:51 | paul | Assigned To | => paul |
| 2020-03-11 14:51 | paul | Status | new => resolved |
| 2020-03-11 14:51 | paul | Resolution | open => fixed |
| 2020-03-11 14:51 | paul | Note Added: 0021018 | |
| 2020-05-10 14:11 | anonymous | Note Added: 0024116 | |
| 2020-05-10 14:11 | anonymous | Status | resolved => closed |
