void-packages/srcpkgs/gthumb/patches/cve-2018-18718.patch

22 lines
1020 B
Diff

Description: CVE-2018-18718
An issue was discovered in gThumb through 3.6.2. There is a
double-free vulnerability in the add_themes_from_dir method in
dlg-contact-sheet.c because of two successive calls of g_free,
each of which frees the same buffer.
Thanks Tianjun Wu - https://gitlab.gnome.org/leoaccount
https://gitlab.gnome.org/GNOME/gthumb/issues/18
Author: Herbert Parentes Fortes Neto <hpfn@debian.org>
Last-Update: 2018-10-30
Index: gthumb/extensions/contact_sheet/dlg-contact-sheet.c
===================================================================
--- extensions/contact_sheet/dlg-contact-sheet.c
+++ extensions/contact_sheet/dlg-contact-sheet.c
@@ -352,6 +352,7 @@ add_themes_from_dir (DialogData *data,
if (! g_key_file_load_from_data (key_file, buffer, size, G_KEY_FILE_NONE, NULL)) {
g_key_file_free (key_file);
g_free (buffer);
+ buffer = NULL;
g_object_unref (file);
g_object_unref (file_info);
}