Bug#926658: gnuplot: free(): double free detected in tcache 2
Niels Thykier
niels at thykier.net
Mon Apr 8 19:06:00 BST 2019
Niels Thykier:
> Source: gnuplot
> Version: 5.2.6+dfsg1-1
> Severity: important
>
> Hi,
>
> After upgrading lindsay.d.o to buster, we see errors when trying to
> generate graphs of the tags. While trying to create a minimal
> reproducer I tripped a double free bug in gnuplot.
>
> The following steps were done to reproduce the issue:
>
> """
> $ unzip test-files.zip
> $ [...]
> """
>
Attached now.
> Note: The test files *are* invalid - the common.gpi file should define
> some variables but it does not (e.g. date_min). Nonetheless, gnuplot
> should not trip a double-free regardless of whether the input is valid
> or not.
>
Turns out that there are several other mistakes in those files (e.g.
undefined variable passed to sprintf and that is used in a %s, etc.).
But all the same; this should *not* trip a double-free.
Thanks,
~Niels
-------------- next part --------------
A non-text attachment was scrubbed...
Name: test-files.zip
Type: application/zip
Size: 12020 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/debian-science-maintainers/attachments/20190408/243dedf9/attachment-0001.zip>
More information about the debian-science-maintainers
mailing list