From 03d22045ad15ba64e6a4751fa119f83de0c33407 Mon Sep 17 00:00:00 2001
From: SiemensSchuckert <35631785+SiemensSchuckert@users.noreply.github.com>
Date: Wed, 4 Dec 2024 18:51:47 +0300
Subject: [PATCH] fix HTTP download crash (on empty file) when empty filelist downloaded from HTTP server, CL_ParseFileList() uses unallocated buffer for strchr() segfault happens: 0 __strchr_avx2 () at ../sysdeps/x86_64/multiarch/strchr-avx2.S:65 1 0x00007ffff743de2c in __interceptor_strchr (s=0x0, c=) at ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:705 2 0x000055555566d7f8 in CL_ParseFileList (dl=0x55555587a178 ) at src/client/curl/download.c:484 3 0x000055555566e26c in CL_FinishHTTPDownload () at src/client/curl/download.c:670
---
 src/client/curl/download.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/client/curl/download.c b/src/client/curl/download.c
index 6e9d79f3..393f0b9f 100644
--- a/src/client/curl/download.c
+++ b/src/client/curl/download.c
@@ -264,6 +264,9 @@ static void CL_StartHTTPDownload (dlqueue_t *entry, dlhandle_t *dl)
 }
 // Make sure that the download handle is in empty state.
+ if (dl->tempBuffer) {
+ free(dl->tempBuffer);
+ }
 dl->tempBuffer = NULL;
 dl->fileSize = 0;
 dl->position = 0;
@@ -477,6 +480,10 @@ static void CL_ParseFileList(dlhandle_t *dl)
 return;
 }
+ if (!dl->tempBuffer) {
+ return;
+ }
+
 char *list = dl->tempBuffer;
 for (;;)
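Review bot: The new `free(dl->tempBuffer)` in CL_StartHTTPDownload is only safe if every other path that releases tempBuffer also resets the pointer to NULL; a handle reused with a stale pointer would be freed a second time here. Those paths are outside the hunk, so this needs checking wherever the buffer is released, and the allocator that fills tempBuffer should be confirmed to pair with `free()`. The `if (dl->tempBuffer)` guard is also unnecessary, since `free(NULL)` is a no-op: `free(dl->tempBuffer);` followed by the existing `dl->tempBuffer = NULL;` is enough. The function starts and ends outside the hunk.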
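Review bot: The added `if (!dl->tempBuffer) return;` in CL_ParseFileList covers only the empty-response case; the `strchr()` named in the backtrace still assumes the buffer is NUL-terminated, and its content comes from the HTTP server. The loop body is outside the hunk, so it should be confirmed that the receive path always terminates tempBuffer before this function runs. A short comment on the guard would help the next reader, e.g. `/* empty file list: no body was received, so tempBuffer was never allocated */`.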