From b0e5f122b45ddbf7d7475b927e148d6dd5bf3c86 Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Fri, 30 Apr 2021 17:46:07 +0200
Subject: [PATCH] Fix #79584: Segmentation fault in uploadprogress 1.1.0 and up
---
uploadprogress.c | 18 ++++++++----------
1 file changed, 8 insertions(+), 10 deletions(-)
diff --git a/uploadprogress.c b/uploadprogress.c
index 6f72a92..ca3f17b 100644
--- a/uploadprogress.c
+++ b/uploadprogress.c
@@ -105,30 +105,23 @@ static int uploadprogress_php_rfc1867_file(unsigned int event, void *event_data
}
if (strcmp(e_data->name, "UPLOAD_IDENTIFIER") == 0) {
- char **upload_id;
char *template = INI_STR("uploadprogress.file.filename_template");
if (strcmp(template, "") == 0) {
return FAILURE;
}
- upload_id = emalloc(strlen(*e_data->value) + 1);
- strcpy(*upload_id, *e_data->value);
-
- progress->upload_id = *upload_id;
+ progress->upload_id = emalloc(strlen(*e_data->value) + 1);
+ strcpy(progress->upload_id, *e_data->value);
progress->time_last = time(NULL);
progress->speed_average = 0;
progress->speed_last = 0;
progress->bytes_uploaded = read_bytes;
progress->files_uploaded = 0;
progress->est_sec = 0;
- progress->identifier = uploadprogress_mk_filename(*upload_id, template);
+ progress->identifier = uploadprogress_mk_filename(progress->upload_id, template);
progress->identifier_tmp = emalloc(strlen( progress->identifier) + 4);
sprintf(progress->identifier_tmp, "%s.wr", progress->identifier);
-
- if (upload_id) {
- efree(upload_id);
- }
}
}
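Review bot: Each time an `UPLOAD_IDENTIFIER` field is handled, this branch overwrites `progress->upload_id`, `progress->identifier` and `progress->identifier_tmp` with fresh allocations and never releases the previous ones. The field name and value come from the request body, so a body that repeats the field would orphan the earlier buffers, unless a guard outside the hunk already prevents re-entry. I would release the old value first, e.g. `if (progress->upload_id) efree(progress->upload_id);` ahead of the `emalloc`, and do the same for the two identifier buffers. The copy itself could be the single call `progress->upload_id = estrdup(*e_data->value);`, which keeps the size and the copy from drifting apart. The enclosing function starts and ends outside this hunk, so whether `*e_data->value` can be NULL here is not visible.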
@@ -198,6 +191,7 @@ static int uploadprogress_php_rfc1867_file(unsigned int event, void *event_data
}
} else if (event == MULTIPART_EVENT_END) {
VCWD_UNLINK(progress->identifier);
+ efree(progress->upload_id);
efree(progress->identifier);
efree(progress->identifier_tmp);
efree(progress);
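Review bot: The added `efree(progress->upload_id);` here, and the `if (progress->upload_id)` test in the last hunk, both rely on `upload_id` being NULL whenever no `UPLOAD_IDENTIFIER` field was processed, but the site that allocates `progress` is not part of this diff. Before this commit the field was never freed, so a missing initialisation would have gone unnoticed; now it would mean freeing an indeterminate pointer. Please confirm that `progress->upload_id = NULL;` (or a zeroing allocation) is in place where `progress` is created. The two cleanup paths also differ, unguarded here and guarded in the last hunk; a short comment saying this branch is only reached after the identifier was set would make the asymmetry deliberate.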
@@ -264,6 +258,10 @@ static int uploadprogress_php_rfc1867_file(unsigned int event, void *event_data
efree(progress->identifier);
}
+ if (progress->upload_id) {
+ efree(progress->upload_id);
+ }
+
if (progress->identifier_tmp) {
efree(progress->identifier_tmp);
}