Add guard code to prevent the use of NULL pointers in emitter.c #305

Open
wants to merge 1 commit into
base: master

rsbeckerca

This is related to CVE-2024-35326

Fixes #301

This is related to CVE-2024-35326

Fixes yaml#301

Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>
@rsbeckerca
Author

This is a candidate contribution of defensive guard code that I added in my own fork to deal with potential NULL pointers and double-frees in the emitter.c code. If this is useful, please consider it.

@rsbeckerca
Author

Looking at the CI builds, I don't think the failures are related to this contribution, but I might be wrong about that.

@perlpunk
Member

perlpunk commented Aug 8, 2024

Thanks! I had also been playing around with setting things to NULL after freeing, but ran into problems.
But I think the test failure might be related:
https://github.com/yaml/libyaml/actions/runs/10301257382/job/28516105493?pr=305#step:9:189

@perlpunk
Member

perlpunk commented Aug 8, 2024

btw, the linked CVE is about heap-buffer-overflow, not double free

@rsbeckerca
Author

I'm not sure I understand the test failure. Is this because if a NULL is passed in, it previously ignored it? Or is that a free after free not working anymore - because that would be an actual bug. I did not change that much.

@rsbeckerca
Author

@perlpunk Is there a command I can run to test the CI failure? Having trouble viewing it. I would like to make this work.

Successfully merging this pull request may close these issues.

CVE-2024-35326