View Issue Details

IDCategoryLast Update
0007926bugs2020-05-10 14:11
Reporterarya leeAssigned Topaul 
Reproducibilityhave not tried 
Status closedResolutionfixed 
Product Version 
Fixed in Version 
Summary0007926: use after free: issue when using libxml2 API 'xmlFreeDoc' and 'xmlXPathFreeContext'
DescriptionI find a 'use after free' vulnerability when I read ardour' source code at Github. This issue lies in 774 line, 782 line of ardour/libs/pbd/xml++.cc. After releasing the 'ctxt' structure using 'xmlXPathFreeContext', the next line try to free 'ctxt->doc'.
I haven't done an experiment to verify it yet, but I think it's a problem.
PS, xmlXPathFreeContext, xmlFreeDoc are APIs of libxml2.
TagsNo tags attached.

Activities

paul

2020-03-11 14:51

administrator   ~0021018

This code originally came from libxml++. It does indeed look like an error. Fixed in 96daa4036a42

anonymous

2020-05-10 14:11

viewer   ~0024116

Issue has been closed automatically, by Trigger Close Plugin.
Feel free to re-open with additional information if you think the issue is not resolved.

Issue History

Date Modified Username Field Change
2020-03-11 14:11 arya lee New Issue
2020-03-11 14:51 paul Assigned To => paul
2020-03-11 14:51 paul Status new => resolved
2020-03-11 14:51 paul Resolution open => fixed
2020-03-11 14:51 paul Note Added: 0021018
2020-05-10 14:11 anonymous Note Added: 0024116
2020-05-10 14:11 anonymous Status resolved => closed