View Issue Details

ID: 0007926
Category: bugs
Last Update: 2020-03-11 14:51
Reporter: arya lee
Assigned To: paul
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Product Version:
Fixed in Version:
Summary: 0007926: use after free: issue when using libxml2 API 'xmlFreeDoc' and 'xmlXPathFreeContext'
Description: I found a 'use after free' vulnerability while reading Ardour's source code on GitHub. This issue lies at line 774 and line 782 of ardour/libs/pbd/xml++.cc. After releasing the 'ctxt' structure using 'xmlXPathFreeContext', the next line tries to free 'ctxt->doc'.
I haven't done an experiment to verify it yet, but I think it's a problem.
PS: xmlXPathFreeContext and xmlFreeDoc are APIs of libxml2.
Tags: No tags attached.

Activities

paul

2020-03-11 14:51

administrator   ~0021018

This code originally came from libxml++. It does indeed look like an error. Fixed in 96daa4036a42
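
The ordering problem described in this report, as an added example that is not Ardour's, libxml++'s or libxml2's code. It models the two calls with hypothetical stand-ins (Doc, XPathCtx, ctx_free, doc_free, ctx_doc) that poison a released context instead of returning it to the heap, so the stale read of ctxt->doc can be counted safely rather than triggering undefined behaviour.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-ins for xmlDoc and xmlXPathContext; not libxml2 types. */
typedef struct { bool live; } Doc;
typedef struct { bool live; Doc *doc; } XPathCtx;
typedef struct { int stale_reads; int leaked_docs; } Report;

/* Models xmlXPathFreeContext: releases the context only, never the document.
   The struct is poisoned (doc = NULL) so a later read is observable. */
static void ctx_free(XPathCtx *c) { c->live = false; c->doc = NULL; }

/* Models xmlFreeDoc: a NULL argument is a no-op. */
static void doc_free(Doc *d) { if (d) d->live = false; }

/* Reads ctxt->doc and records the read if the context was already released. */
static Doc *ctx_doc(XPathCtx *c, Report *r) {
    if (!c->live) r->stale_reads++;
    return c->doc;
}

/* Order described in the report: context released, then ctxt->doc read.
   With a real heap the value read is undefined; here it is the poison value. */
static Report cleanup_reported_order(void) {
    Doc d = { true };
    XPathCtx c = { true, &d };
    Report r = { 0, 0 };
    ctx_free(&c);
    doc_free(ctx_doc(&c, &r));
    r.leaked_docs = d.live ? 1 : 0;
    return r;
}

/* Safe order: copy the document pointer out while the context is still live. */
static Report cleanup_safe_order(void) {
    Doc d = { true };
    XPathCtx c = { true, &d };
    Report r = { 0, 0 };
    Doc *doc = ctx_doc(&c, &r);
    ctx_free(&c);
    doc_free(doc);
    r.leaked_docs = d.live ? 1 : 0;
    return r;
}
int main(void) {
    Report bad = cleanup_reported_order(), ok = cleanup_safe_order();
    printf("reported: stale=%d leaked=%d\n", bad.stale_reads, bad.leaked_docs);
    printf("safe:     stale=%d leaked=%d\n", ok.stale_reads, ok.leaked_docs);
    return 0;
}
```

Freeing the document before the context is the other safe order; either way, nothing is read through the context pointer after it has been released.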

Issue History

Date Modified Username Field Change
2020-03-11 14:11 arya lee New Issue
2020-03-11 14:51 paul Assigned To => paul
2020-03-11 14:51 paul Status new => resolved
2020-03-11 14:51 paul Resolution open => fixed
2020-03-11 14:51 paul Note Added: 0021018