:lady_beetle: double free detected in tcache 2

Question

:lady_beetle: double free detected in tcache 2

pete4abw opened this issue 9 months ago · comments

Peter Hyman commented 9 months ago

lrzip-next Version

lrzip-next 0.12.3

lrzip-next command line

lrzip-next

What happened?

When there is no lrzip.conf file, lrzip-next aborts with an error

free(): double free detected in tcache 2
Aborted (core dumped)

What was expected behavior?

Either run program without error, show usage screen, or copyright info as requested.

Steps to reproduce

make sure no lrzip.conf file exists
run lrzip-next with any command

Relevant log output

free(): double free detected in tcache 2
Aborted (core dumped)

Please provide system details

OS Distro: Debian 12
Kernel Version (uname -a): 6.1.0-10-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.38-2 (2023-07-27) x86_64 GNU/Linux
System ram (free -h): lots

Additional Context

Several errors were detected in the read_config() function in util.c. Most serious was using sizeof(homeconf) in snprintf() instead of the length of homeconf.

diff --git a/src/util.c b/src/util.c
index 5ed95f7..20ff021 100644
--- a/src/util.c
+++ b/src/util.c
@@ -224,10 +224,10 @@ bool read_config(rzip_control *control)
        if (fp == NULL) {
                HOME=getenv("HOME");
                if (HOME) {
-                       snprintf(homeconf, sizeof(homeconf), "%s/.lrzip/lrzip.conf", HOME);
+                       snprintf(homeconf, 255, "%s/.lrzip/lrzip.conf", HOME);

Peter Hyman · Answer 1 · Sat Nov 18 2023 22:30:53 GMT+0800 (China Standard Time)

v0.12.4 fixes