Package: axis2c Version: 1.6.0-2 Severity: important Tags: patch fixed-upstream
(Setting to important as this causes build failures in some cases: <https://launchpad.net/bugs/600174>.) util/test/uri/uri_test.c uses `clone' after it has already been freed: uri_test.c:64: clone = axutil_uri_clone(uri,env); ... uri_test.c:68: axutil_uri_free(clone,env); ... uri_test.c:75: rel = axutil_uri_resolve_relative(env,base,clone); The fix is to replace `clone' with `uri' (of which it is a copy) in the call to `axutil_uri_resolve_relative', as upstream did in r961590: <http://svn.apache.org/viewvc/axis/axis2/c/core/trunk/util/test/uri/uri_test.c#rev961590> Jani Monoses <j...@ubuntu.com> backported this to 1.6.0-0ubuntu10; I'm attaching their patch reformatted for DEP-3. Thanks, Matej
--- 1.6.0-2~/debian/patches/08-uri-use-after-free.patch +++ 1.6.0-2/debian/patches/08-uri-use-after-free.patch @@ -0,0 +1,19 @@ +Description: Fix use after free in uri_test +Origin: backport, http://svn.apache.org/viewvc/axis/axis2/c/core/trunk/util/test/uri/uri_test.c#rev961590 +Bug-Ubuntu: https://launchpad.net/bugs/600174 +Applied-Upstream: 1.7.0 +Last-Update: 2011-05-14 + +Index: axis2c-1.6.0/util/test/uri/uri_test.c +=================================================================== +--- axis2c-1.6.0.orig/util/test/uri/uri_test.c 2011-03-08 16:43:28.988346623 +0200 ++++ axis2c-1.6.0/util/test/uri/uri_test.c 2011-03-08 16:43:23.020317033 +0200 +@@ -72,7 +72,7 @@ + printf("Test clone failed"); + } + +- rel = axutil_uri_resolve_relative(env,base,clone); ++ rel = axutil_uri_resolve_relative(env,base,uri); + if(rel) + { + printf("The resolved relative uri is %s\n",axutil_uri_to_string(rel,env,0)); --- 1.6.0-2~/debian/patches/series +++ 1.6.0-2/debian/patches/series @@ -8,0 +8,1 @@ +08-uri-use-after-free.patch
