[Parted-maintainers] previous gptsync patch introduces a problem

wangyangbo yangbonis at icloud.com
Thu Dec 16 08:06:57 GMT 2021


patch below
- - -
Description: the previous gptsync patch introduces a problem.
In the readline EOF case the buffer is a garbage chunk, probably
causing a heap-overflow.

Author: wangyangbo <wangyangbo at uniontech.com>

---
The information above should follow the Patch Tagging Guidelines, please
checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
are templates for supplementary fields that you might want to add:

Origin: other
Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000490
Bug-Debian: https://bugs.debian.org/<bugnumber>
Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
Forwarded: <no|not-needed|url proving that it has been forwarded>
Reviewed-By: wangyangbo at uniontech.com
Last-Update: 2021-12-16

--- parted-3.4.orig/libparted/labels/gpt.c
+++ parted-3.4/libparted/labels/gpt.c
@@ -340,7 +340,10 @@ dmi_system_manufacturer (void)
 
   dmidecode = popen ("dmidecode -s system-manufacturer 2>/dev/null", "r");
   if (getline (&manufacturer, &manufacturer_len, dmidecode) < 0) {
-    /* ignore; will return NULL */
+    /* if read EOF, the buffer is a garbage chunk from malloc, not a string.
+       probably cause strchr heap-overflow. so free it*/
+    free (manufacturer);
+    manufacturer = NULL;
   }
   pclose (dmidecode);
   if (manufacturer) {
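
Review bot: the dmidecode stream is passed to getline and pclose without a NULL check in the context lines around the new branch, so a failed popen still reaches both calls with a null stream; consider returning NULL right after popen when it fails. The new branch itself agrees with getline(3), which says the buffer should be freed by the caller even if getline() failed, so the comment could state that directly instead of "probably cause strchr heap-overflow". The comment also needs a space before the closing */ and would read better as "on EOF or error", since the < 0 test covers both cases.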
