File pan-fix-use-after-free-in-main.patch of Package pan
From 27190a525b6e5684af35566170c50f5beaa10c53 Mon Sep 17 00:00:00 2001
From: "paul@flinders.org" <paul@flinders.org>
Date: Thu, 8 Feb 2018 21:23:32 +0100
Subject: Bug 793277 Use after free in main()
The problem is the scope of the return value from data.get_servers()
which is a std::set of Quarks
The temporary used for this value goes out of scope at the end of
the statement containing it - within the for loop control
statement - it is not in scope in the loop body.
The result is that later dereferencing the iterator on line 1158
accesses memory which has been returned to the heap.
---
pan/gui/pan.cc | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/pan/gui/pan.cc b/pan/gui/pan.cc
index b552a2c..f732398 100644
--- a/pan/gui/pan.cc
+++ b/pan/gui/pan.cc
@@ -1152,7 +1152,8 @@ main (int argc, char *argv[])
if (!data.get_servers().empty())
{
// free secure passwords
- foreach(quarks_t, data.get_servers(), it)
+ quarks_t srv_list = data.get_servers();
+ foreach(quarks_t, srv_list, it)
{
Data::Server* s(data.find_server(*it));
if (s && s->gkr_pw)
--
cgit v0.12