From: Maxim Antonov <mantonov@gmail.com>
Date: Thu, 4 Mar 2021 15:31:32 +0000 (+0700)
Subject: free_pattern_spec(): Don't try to free an invalid pointer
X-Git-Tag: v_3_0_33~108^2~5
X-Git-Url: http://www.privoxy.org/gitweb/@default-cgi@/faq/@default-cgi@show-status?a=commitdiff_plain;h=533193b4b79e68b938c82049c609906661177f9e;p=privoxy.git

free_pattern_spec(): Don't try to free an invalid pointer

... when unloading an action file with a TAG pattern while
Privoxy has been compiled without FEATURE_PCRE_HOST_PATTERNS.

   Thread 1 received signal SIGSEGV, Segmentation fault.
   0x00000008015a8bab in regfree (preg=0x800000000) at pcreposix.c:248
   248	pcreposix.c: No such file or directory.
   (gdb) where
   #0  0x00000008015a8bab in regfree (preg=0x800000000) at pcreposix.c:248
   #1  0x000000000045783a in free_pattern_spec (pattern=0x8029b9110) at urlmatch.c:1284
   #2  0x000000000040705f in unload_actions_file (file_data=0x8029b9070) at actions.c:1006
   #3  0x000000000044a146 in sweep () at loaders.c:248
   #4  0x0000000000439bfa in listen_loop () at jcc.c:6230
   #5  0x0000000000439456 in main (argc=3, argv=0x7fffffffe728) at jcc.c:5726
   (gdb) f 1
   #1  0x000000000045783a in free_pattern_spec (pattern=0x8029b9110) at urlmatch.c:1284
   1284	      regfree(pattern->pattern.tag_regex);
   (gdb) p *pattern
   $1 = {spec = 0x0, pattern = {url_spec = {dcount = 0, dbuffer = 0x0, dvec = 0x0, unanchored = 0, port_list = 0x0, preg = 0x0}, tag_regex = 0x800000000}, flags = 16}

Closes: SF patch request #147
---

diff --git a/urlmatch.c b/urlmatch.c
index fa0e15d0..750cd242 100644
--- a/urlmatch.c
+++ b/urlmatch.c
@@ -1263,6 +1263,17 @@ void free_pattern_spec(struct pattern_spec *pattern)
    if (pattern == NULL) return;
 
    freez(pattern->spec);
+
+   if (!(pattern->flags & PATTERN_SPEC_URL_PATTERN))
+   {
+      if (pattern->pattern.tag_regex)
+      {
+         regfree(pattern->pattern.tag_regex);
+         freez(pattern->pattern.tag_regex);
+      }
+      return;
+   }
+
 #ifdef FEATURE_PCRE_HOST_PATTERNS
    if (pattern->pattern.url_spec.host_regex)
    {
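Review bot: The added branch frees the tag_regex member whenever PATTERN_SPEC_URL_PATTERN is absent from flags, so a pattern_spec whose flags were never set (for example one released after a failed or partial setup) is also handled as a tag pattern. That is only safe if the storage is zeroed in that case, which is not visible in this hunk. Judging by the gdb dump in the commit message, pattern->pattern appears to be shared storage whose valid member is selected by flags, yet nothing in the function states that invariant. I would put a comment above the check, `/* pattern->pattern holds either url_spec or tag_regex; flags says which, and only that member may be freed. */`, so that cleanup added later does not reintroduce the invalid regfree(). The function's opening brace and the rest of the URL-pattern cleanup lie outside this hunk.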
@@ -1279,11 +1290,6 @@ void free_pattern_spec(struct pattern_spec *pattern)
       regfree(pattern->pattern.url_spec.preg);
       freez(pattern->pattern.url_spec.preg);
    }
-   if (pattern->pattern.tag_regex)
-   {
-      regfree(pattern->pattern.tag_regex);
-      freez(pattern->pattern.tag_regex);
-   }
 }