!34 fix memory leak, bindings error, crash error

From: @han_hui_hui Reviewed-by: @t_feng Signed-off-by: @t_feng
2022-10-21 03:30:35 +00:00 · 2022-10-21 03:30:35 +00:00 · 50ab507e43
commit 50ab507e43
parent 49613951d5 b502788940
4 changed files with 99 additions and 1 deletions
--- a/backport-Fix-memory-leak-when-using-testsolv-to-execute-cases.patch
+++ b/backport-Fix-memory-leak-when-using-testsolv-to-execute-cases.patch
@ -0,0 +1,30 @@
+From 9a361f5248557e032f15890aac54c0db53c52098 Mon Sep 17 00:00:00 2001
+From: banjiuqingshan <63209634+banjiuqingshan@users.noreply.github.com>
+Date: Sun, 19 Jun 2022 01:43:51 +0800
+Subject: [PATCH] Fix memory leak when using testsolv to execute cases
+
+*resultp will only keep the pointer of the last cycle, which will lead to memory leakage.
+This solves the first memory leak problem in issue #496 "==255147==error..."
+
+Conflict:NA
+Reference:https://github.com/openSUSE/libsolv/commit/9a361f5248557e032f15890aac54c0db53c52098
+
+---
+ ext/testcase.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/ext/testcase.c b/ext/testcase.c
+index 035cfdbd1..c529057a8 100644
+--- a/ext/testcase.c
+++ b/ext/testcase.c
+@@ -2448,7 +2448,10 @@ testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **res
+ 		}
+ 	    }
+ 	  if (resultp)
+	  {
+	    solv_free(*resultp);
+ 	    *resultp = result;
+	  }
+ 	  else
+ 	    solv_free(result);
+ 	  if (resultflagsp)
--- a/backport-Fix-segfault-on-conflict-resolution-when-using-bindings.patch
+++ b/backport-Fix-segfault-on-conflict-resolution-when-using-bindings.patch
@ -0,0 +1,31 @@
+From 2b5e6c28be7dffe1a3b5e90a35c5ee425c08aeb0 Mon Sep 17 00:00:00 2001
+From: niner <nine@detonation.org>
+Date: Tue, 8 Feb 2022 18:10:54 +0100
+Subject: [PATCH] Fix segfault on conflict resolution when using bindings
+
+Solutionelement objects were created with a wrong solutionid (i.e. the
+solution element id was used for the solutionid field). This led to invalid
+array indexes when trying to read the extraflags which then escalated
+into a segfault. Fix by setting solutionid correctly in the Solutionelement
+constructor.
+
+Conflict:NA
+Reference:https://github.com/openSUSE/libsolv/commit/2b5e6c28be7dffe1a3b5e90a35c5ee425c08aeb0
+
+---
+ bindings/solv.i | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bindings/solv.i b/bindings/solv.i
+index 3a6bac468..1d35bf61b 100644
+--- a/bindings/solv.i
+++ b/bindings/solv.i
+@@ -3411,7 +3411,7 @@ returnself(matchsolvable)
+     e = solv_calloc(1, sizeof(*e));
+     e->solv = solv;
+     e->problemid = problemid;
+-    e->solutionid = id;
+    e->solutionid = solutionid;
+     e->id = id;
+     e->type = type;
+     e->p = p;
--- a/backport-ensure-duplinvolvedmap_all-is-reset.patch
+++ b/backport-ensure-duplinvolvedmap_all-is-reset.patch
@ -0,0 +1,30 @@
+From dd6e977782816e330a8f60cf78ca3d12fead3b10 Mon Sep 17 00:00:00 2001
+From: Jon Turney <jon.turney@dronecode.org.uk>
+Date: Sun, 14 Aug 2022 18:45:20 +0100
+Subject: [PATCH] Ensure duplinvolvedmap_all is reset when a solver is reused
+
+Otherwise, if solver is used with a SOLVER_DISTUPGRADE job, then reused
+without one, this will cause solver_addduprules() to be called, even
+though needduprules is 0, which will crash trying to dereference
+solv->dupmap, which is NULL because solver_createdupmaps() hasn't been
+called.
+
+Conflict:NA
+Reference:https://github.com/openSUSE/libsolv/commit/dd6e977782816e330a8f60cf78ca3d12fead3b10
+
+---
+ src/solver.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/solver.c b/src/solver.c
+index 28341d6d3..e3779e232 100644
+--- a/src/solver.c
+++ b/src/solver.c
+@@ -3533,6 +3533,7 @@ solver_solve(Solver *solv, Queue *job)
+   map_zerosize(&solv->bestupdatemap);
+   solv->fixmap_all = 0;
+   map_zerosize(&solv->fixmap);
+  solv->dupinvolvedmap_all = 0;
+   map_zerosize(&solv->dupmap);
+   map_zerosize(&solv->dupinvolvedmap);
+   solv->process_orphans = 0;
--- a/libsolv.spec
+++ b/libsolv.spec
@ -15,7 +15,7 @@

 Name:                  libsolv
 Version:               0.7.14
-Release:               6
+Release:               7
 Summary:               Package dependency solver                    
 License:               BSD
 URL:                   https://github.com/openSUSE/libsolv
@ -28,6 +28,9 @@ Patch3:                use-memmove-for-overlapping-regions.patch

 #fix CVE-2021-3200,CVE-2021-44568,CVE-2021-44569,CVE-2021-44571,CVE-2021-44573,CVE-2021-44574,CVE-2021-44575,CVE-2021-44576,CVE-2021-44577,CVE-2021-33938,CVE-2021-33929,CVE-2021-33928,CVE-2021-33930
 Patch6000:             backport-testcase-read.patch
+Patch6001:             backport-Fix-memory-leak-when-using-testsolv-to-execute-cases.patch
+Patch6002:             backport-Fix-segfault-on-conflict-resolution-when-using-bindings.patch
+Patch6003:             backport-ensure-duplinvolvedmap_all-is-reset.patch

 BuildRequires:         cmake gcc-c++ ninja-build pkgconfig(rpm) zlib-devel
 BuildRequires:         libxml2-devel xz-devel bzip2-devel libzstd-devel 
@ -195,6 +198,10 @@ Python 3 version.
 %{_mandir}/man3/%{name}*.3*

 %changelog
+* Tue Oct 20 2022 hanhuihui <hanhuihui5@huawei.com> - 0.7.14-7
+- SUG:NA
+- DESC:fix memory leak, bindings error, crash error
+
 * Thu Mar 03 2022 xingxing <xingxing9@h-partners.com> - 0.7.14-6
 - Type:cves
 - CVE:CVE-2021-3200-CVE-2021-44568-CVE-2021-44569-CVE-2021-44571-CVE-2021-44573-CVE-2021-44574-CVE-2021-44575-CVE-20