Overview

File libsoup-CVE-2025-12105.patch of Package libsoup

From 9ba1243a24e442fa5ec44684617a4480027da960 Mon Sep 17 00:00:00 2001
From: Eugene Mutavchi <Ievgen_Mutavchi@comcast.com>
Date: Fri, 10 Oct 2025 16:24:27 +0000
Subject: [PATCH] fix 'heap-use-after-free' caused by 'finishing' queue item
 twice

---
 libsoup/soup-session.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/libsoup/soup-session.c b/libsoup/soup-session.c
index c5694d2c..4e6b478b 100644
--- a/libsoup/soup-session.c
+++ b/libsoup/soup-session.c
@@ -2894,8 +2894,10 @@ run_until_read_done (SoupMessage          *msg,
 		if (soup_message_io_in_progress (msg))
 			soup_message_io_finished (msg);
 		item->paused = FALSE;
-		item->state = SOUP_MESSAGE_FINISHING;
-		soup_session_process_queue_item (item->session, item, FALSE);
+		if (item->state != SOUP_MESSAGE_FINISHED) {
+			item->state = SOUP_MESSAGE_FINISHING;
+			soup_session_process_queue_item (item->session, item, FALSE);
+		}
 	}
 	async_send_request_return_result (item, NULL, error);
         soup_message_queue_item_unref (item);
-- 
2.51.1
openSUSE Build Service is sponsored by
Places