File: 0001-Fix-a-crash-related-to-using-pointers-wrong-for-keep.patch

package info (click to toggle)
php-uploadprogress 1.1.3-4
  • links: PTS, VCS
  • area: main
  • in suites: bullseye
  • size: 216 kB
  • sloc: ansic: 505; xml: 244; php: 27; makefile: 1
file content (66 lines) | stat: -rw-r--r-- 2,608 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
 
From: =?utf-8?b?T25kxZllaiBTdXLDvQ==?= <ondrej@sury.org>
Date: Wed, 13 May 2020 07:13:29 +0200
Subject: Fix a crash related to using pointers wrong for keeping the
 upload_id

---
 uploadprogress-1.1.3/uploadprogress.c | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/uploadprogress-1.1.3/uploadprogress.c b/uploadprogress-1.1.3/uploadprogress.c
index 6f72a92..ca3f17b 100644
--- a/uploadprogress-1.1.3/uploadprogress.c
+++ b/uploadprogress-1.1.3/uploadprogress.c
@@ -105,30 +105,23 @@ static int uploadprogress_php_rfc1867_file(unsigned int event, void  *event_data
         }
 
         if (strcmp(e_data->name, "UPLOAD_IDENTIFIER") == 0)  {
-            char **upload_id;
             char *template = INI_STR("uploadprogress.file.filename_template");
 
             if (strcmp(template, "") == 0)  {
                 return FAILURE;
             }
 
-            upload_id = emalloc(strlen(*e_data->value) + 1);
-            strcpy(*upload_id, *e_data->value);
-
-            progress->upload_id = *upload_id;
+            progress->upload_id = emalloc(strlen(*e_data->value) + 1);
+            strcpy(progress->upload_id, *e_data->value);
             progress->time_last = time(NULL);
             progress->speed_average = 0;
             progress->speed_last = 0;
             progress->bytes_uploaded = read_bytes;
             progress->files_uploaded = 0;
             progress->est_sec = 0;
-            progress->identifier = uploadprogress_mk_filename(*upload_id, template);
+            progress->identifier = uploadprogress_mk_filename(progress->upload_id, template);
             progress->identifier_tmp = emalloc(strlen( progress->identifier) + 4);
             sprintf(progress->identifier_tmp, "%s.wr", progress->identifier);
-
-            if (upload_id) {
-                efree(upload_id);
-            }
         }
     }
 
@@ -198,6 +191,7 @@ static int uploadprogress_php_rfc1867_file(unsigned int event, void  *event_data
             }
         } else if (event == MULTIPART_EVENT_END) {
             VCWD_UNLINK(progress->identifier);
+            efree(progress->upload_id);
             efree(progress->identifier);
             efree(progress->identifier_tmp);
             efree(progress);
@@ -264,6 +258,10 @@ static int uploadprogress_php_rfc1867_file(unsigned int event, void  *event_data
             efree(progress->identifier);
         }
 
+        if (progress->upload_id) {
+            efree(progress->upload_id);
+        }
+
         if (progress->identifier_tmp) {
             efree(progress->identifier_tmp);
         }