author Michael Budde <mbudde@gmail.com> 2019-01-28 18:43:08 +0100
committer Michael Budde <mbudde@gmail.com> 2019-01-28 18:59:16 +0100
commit 96c88663ce3b74fe04d483ad453f1dff504123ff (patch)
tree e6cbcb5e8be58aa5506301fe07489145671f399d /doc
parent 28c8f3bbd90d10ae52556c28460b421fd0c77168 (diff)
Fix use-after-free when destroying filter chain

When using the `--gain` option the `temporaries_t` in `changed_value_posts` filter stores a reference to the `<Revalued>` temp account created in `display_filter_posts`. When destroying the filter chain `display_filter_posts` is destroyed before `changed_value_posts` and this can result in a use-after-free in `temporaries_t::clear()` when `temps` in `changed_value_posts` is cleared during destruction if there are any temp posts referencing the `<Revalued>` account.

Fix the issue by clearing the `temporaries_t` in `changed_value_posts` before destroying the rest of the filter chain (which includes `display_filter_posts`).

Fixes #541
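
The destruction-order problem described in the commit message, as an added C++ model that is not the project's own code. The struct names, member layout and liveness set are assumptions made for illustration; the set lets a stale access be counted instead of performed.

```cpp
#include <cstdint>
#include <memory>
#include <set>
#include <string>
#include <vector>
struct Account { std::string name; int posts; };
static std::set<std::uintptr_t> g_live;  // addresses of accounts still allocated
static int g_stale = 0;                  // accesses that would have hit freed memory

// Stand-in for temporaries_t: temp posts pointing at accounts it may not own.
struct Temporaries {
    struct Ref { Account* acct; std::uintptr_t key; };
    std::vector<Ref> posts;
    void add(Account* a) { ++a->posts; posts.push_back({a, reinterpret_cast<std::uintptr_t>(a)}); }
    void clear() {
        for (const Ref& r : posts) {
            if (g_live.count(r.key)) --r.acct->posts;  // account alive: detach the post
            else ++g_stale;                            // real code would touch freed memory
        }
        posts.clear();
    }
    ~Temporaries() { clear(); }
};

// Stand-in for display_filter_posts: owns the <Revalued> temp account.
struct DisplayFilter {
    std::unique_ptr<Account> revalued;
    DisplayFilter() : revalued(new Account{"<Revalued>", 0}) {
        g_live.insert(reinterpret_cast<std::uintptr_t>(revalued.get()));
    }
    ~DisplayFilter() { g_live.erase(reinterpret_cast<std::uintptr_t>(revalued.get())); }
};

// Stand-in for changed_value_posts. Members die in reverse order: next, then temps.
struct ChangedValueFilter {
    Temporaries temps;
    std::unique_ptr<DisplayFilter> next;  // rest of the filter chain
    bool clear_first;
    explicit ChangedValueFilter(bool fix) : next(new DisplayFilter), clear_first(fix) {
        temps.add(next->revalued.get());
    }
    ~ChangedValueFilter() { if (clear_first) temps.clear(); }  // clear before the chain goes
};

int stale_accesses_on_teardown(bool fix) {
    g_stale = 0;
    { ChangedValueFilter chain(fix); }  // build and tear down one chain
    return g_stale;
}
```

With `fix` false the teardown records one stale access; with `fix` true the temporaries are cleared while the account is still alive and none is recorded.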
Diffstat (limited to 'doc')
-rw-r--r-- doc/NEWS 2
1 files changed, 2 insertions, 0 deletions
diff --git a/doc/NEWS b/doc/NEWS
index 39fce3d6..cb7a761c 100644
--- a/doc/NEWS
+++ b/doc/NEWS
@@ -54,6 +54,8 @@
- Fix possible stack overflow in date parsing routine (bug #1224,
CVE-2017-12482)
+- Fix use-after-free when using --gain (bug #541)
+
- Python: Removed double quotes from Unicode values.
- Python: Ensure that parse errors produce useful RuntimeErrors
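Review bot: the added NEWS line identifies the fix only by the `--gain` option, so a reader cannot tell from it where the memory-safety fault was; consider naming the location, for example "Fix use-after-free in filter chain destruction when using --gain (bug #541)". This view is limited to doc/, so the code change itself is not visible here; if the commit carries no regression test for #541, one that exercises a `--gain` report would guard the destruction order the commit message describes.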