From: Jo-Philipp Wich Date: Fri, 10 Feb 2017 09:04:57 +0000 (+0100) Subject: libopkg: fix double-free crash on recursive package removal X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=386dbd35e6f5d9c272c68faa0247ffce6cc85b4c;p=oweals%2Fopkg-lede.git libopkg: fix double-free crash on recursive package removal The opkg_remove_dependent_pkgs() function will trigger a pkg_vec_free() and break the loop when an error is returned by opkg_remove_pkg(). Since the vector is freed anyway after the loop, a double free occurs, leading to a segmentation fault. This situation commonly happens when recursively deleting packages in conjunction with --autoremove where dependent packages might already have been removed by previous iterations. Simply break the loop without prematurely freeing the vector to fix this. Signed-off-by: Jo-Philipp Wich --- diff --git a/libopkg/opkg_remove.c b/libopkg/opkg_remove.c index c6f2e37..1ff270d 100644 --- a/libopkg/opkg_remove.c +++ b/libopkg/opkg_remove.c @@ -138,7 +138,6 @@ opkg_remove_dependent_pkgs(pkg_t *pkg, abstract_pkg_t **dependents) for (i = 0; i < dependent_pkgs->len; i++) { err = opkg_remove_pkg(dependent_pkgs->pkgs[i],0); if (err) { - pkg_vec_free(dependent_pkgs); break; } }