From b7e1ae052571ec92793c5e65b3032e779de8ffe9 Mon Sep 17 00:00:00 2001
From: s
Date: Fri, 28 Jul 2023 15:31:12 +0800
Subject: [PATCH] fix test free memory error
---
 fix-mem-leak.patch | 86 ++++++++++++++++++++++++++++++++++++++++++++++
 libvarlink.spec | 8 +++--
 2 files changed, 92 insertions(+), 2 deletions(-)
 create mode 100644 fix-mem-leak.patch
diff --git a/fix-mem-leak.patch b/fix-mem-leak.patch
new file mode 100644
index 0000000..1193041
--- /dev/null
+++ b/fix-mem-leak.patch
@@ -0,0 +1,86 @@
+From 6c69ff73b9f33ce96964f8b5744c3f9333c7c1a3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?=
+Date: Mon, 28 Nov 2022 04:25:56 +0100
+Subject: [PATCH 1/2] fix: avoid use-after-free after varlink_call_unref()
+
+The code accessed "call->connection" after "call" has been freed by
+varlink_call_unref().
+
+Refactor this pattern and make a save a pointer to connection before
+freeing call.
+---
+ lib/service.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/lib/service.c b/lib/service.c
+index c19e259..fd55e31 100644
+--- a/lib/service.c
++++ b/lib/service.c
+@@ -109,6 +109,11 @@ _public_ void varlink_call_unrefp(VarlinkCall **callp) {
+ varlink_call_unref(*callp);
+ }
+
++static void varlink_call_remove_from_connection(VarlinkCall *call) {
++ ServiceConnection *connection = call->connection;
++ connection->call = varlink_call_unref(call);
++}
++
+ _public_ const char *varlink_call_get_method(VarlinkCall *call) {
+ return call->method;
+ }
+@@ -640,7 +645,7 @@ _public_ long varlink_call_reply(VarlinkCall *call,
+ return -VARLINK_ERROR_INVALID_CALL;
+
+ if (call->flags & VARLINK_CALL_ONEWAY) {
+- call->connection->call = varlink_call_unref(call);
++ varlink_call_remove_from_connection(call);
+ return 0;
+ }
+
+@@ -657,7 +662,7 @@ _public_ long varlink_call_reply(VarlinkCall *call,
+ call->connection->events_mask |= EPOLLOUT;
+
+ if (!(flags & VARLINK_REPLY_CONTINUES))
+- call->connection->call = varlink_call_unref(call);
++ varlink_call_remove_from_connection(call);
+
+ return 0;
+ }
+@@ -710,7 +715,7 @@ _public_ long varlink_call_reply_error(VarlinkCall *call,
+ if (r == 0)
+ call->connection->events_mask |= EPOLLOUT;
+
+- call->connection->call = varlink_call_unref(call);
++ varlink_call_remove_from_connection(call);
+ return 0;
+ }
+
+
+From d934255a8be07b990c48d603d34289f76763c8ce Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?=
+Date: Mon, 28 Nov 2022 04:49:46 +0100
+Subject: [PATCH 2/2] array: zero-initialize newly allocated array memory
+
+---
+ lib/array.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/array.c b/lib/array.c
+index d1b6d35..c2827fe 100644
+--- a/lib/array.c
++++ b/lib/array.c
+@@ -18,10 +18,14 @@ struct VarlinkArray {
+
+ static long array_append(VarlinkArray *array, VarlinkValue **valuep) {
+ if (array->n_elements == array->n_allocated_elements) {
++ unsigned long prev_n_allocated_elements = array->n_allocated_elements;
+ array->n_allocated_elements = MAX(array->n_allocated_elements * 2, 16);
+ array->elements = realloc(array->elements, array->n_allocated_elements * sizeof(VarlinkValue));
+ if (!array->elements)
+ return -VARLINK_ERROR_PANIC;
++ memset(array->elements + prev_n_allocated_elements,
++ 0,
++ (array->n_allocated_elements - prev_n_allocated_elements) * sizeof(VarlinkValue));
+ }
+
+ *valuep = &array->elements[array->n_elements];
diff --git a/libvarlink.spec b/libvarlink.spec
index 9ff6689..f729230 100644
--- a/libvarlink.spec
+++ b/libvarlink.spec
@@ -2,7 +2,7 @@ Name: libvarlink
 Version: 23
-Release: 2
+Release: 3
 Summary: Varlink C Library
 License: Apache-2.0 and BSD-3-Clause
 URL: https://github.com/varlink/libvarlink
@@ -10,6 +10,7 @@ Source0: https://github.com/varlink/%{name}/archive/%{version}/%{name}-%{
 BuildRequires: meson
 BuildRequires: gcc
 BuildRequires: glibc-langpack-de
+Patch0: fix-mem-leak.patch
 %description
 Varlink C Library
@@ -29,7 +30,7 @@ Summary: Varlink command line tools
 The libvarlink-util package contains varlink command line tools.
 %prep
-%autosetup
+%autosetup -p1
 %build
 %meson
@@ -59,6 +60,9 @@ export LC_CTYPE=C.utf8
 %{_libdir}/pkgconfig/libvarlink.pc
 %changelog
+* Fri Jul 28 2023 yoo - 23-3
+- fix test free memory error
+
 * Fri Dec 09 2022 liukuo - 23-2
 - License compliance rectification
-- 
Gitee
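Review bot: In the array_append hunk of the embedded fix-mem-leak.patch, `array->elements = realloc(array->elements, ...)` still overwrites the only pointer to the old buffer before the NULL check, so an allocation failure leaks the existing elements and returns with `n_allocated_elements` already doubled while `elements` is NULL; the newly added memset sits after that window and does not change it. Since the patch is vendored verbatim, the correction belongs in a follow-up hunk of the bundled patch rather than in the spec. The realloc result should land in a temporary and the size bookkeeping should be committed only after success, as sketched below; array_append's body continues past the end of the hunk. The spec hunks (Patch0 and `%autosetup -p1`) are consistent with the added file and need no change.
```c
        if (array->n_elements == array->n_allocated_elements) {
                unsigned long n_new = MAX(array->n_allocated_elements * 2, 16);
                VarlinkValue *elements = realloc(array->elements, n_new * sizeof(VarlinkValue));
                if (!elements)
                        return -VARLINK_ERROR_PANIC; /* array->elements is still valid and owned by array */
                memset(elements + array->n_allocated_elements, 0,
                       (n_new - array->n_allocated_elements) * sizeof(VarlinkValue));
                array->elements = elements;
                array->n_allocated_elements = n_new;
        }
        /* … unchanged: *valuep = &array->elements[array->n_elements]; … */
```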