diff options
Diffstat (limited to 'hotfix-04_fix-uaf-in-safe-references-4165.patch')
-rw-r--r-- | hotfix-04_fix-uaf-in-safe-references-4165.patch | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/hotfix-04_fix-uaf-in-safe-references-4165.patch b/hotfix-04_fix-uaf-in-safe-references-4165.patch new file mode 100644 index 0000000..adbaaf0 --- /dev/null +++ b/hotfix-04_fix-uaf-in-safe-references-4165.patch @@ -0,0 +1,48 @@ +From 05a7e9e3f647cf77c2782f8f24b05a8d37117ccc Mon Sep 17 00:00:00 2001 +From: joveeater <joveasarus@gmail.com> +Date: Sat, 27 Jan 2024 10:39:58 +0000 +Subject: [PATCH] fix: uaf in safe references (#4165) + +* Fixes a uaf in safe references + +* style(autofix.ci): automated formatting + +--------- + +Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> +--- + src/safe_reference.h | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/safe_reference.h b/src/safe_reference.h +index 7334885bc67..552aeb6e300 100644 +--- a/src/safe_reference.h ++++ b/src/safe_reference.h +@@ -154,6 +154,7 @@ class safe_reference + } else { + rec->mem_count--; + rec = rec->target.redirect; ++ rec->mem_count++; + } + } + } +@@ -368,13 +369,12 @@ class safe_reference + if( sec_rec->id == ID_NONE ) { + sec_rec->id = REDIRECTED_MASK; + sec_rec->target.redirect = pri_rec; +- } +- +- //They both have an id +- if( pri_rec->id != ID_NONE && sec_rec->id != ID_NONE ) { ++ pri_rec->mem_count++; ++ } else { + //This is the worse case, we actually need a redirect + sec_rec->id = sec_rec->id | REDIRECTED_MASK; + sec_rec->target.redirect = pri_rec; ++ pri_rec->mem_count++; + } + } + +-- +2.43.0 + |