sd-journal: fix use-after-free

As commented in the code, we need to replace the pointer to the key, hence, hashmap_replace() must be used, instead of hashmap_update(). Fixes #27459.
author: Yu Watanabe <watanabe.yu+github@gmail.com> 2023-04-30 06:57:49 +0900
committer: Yu Watanabe <watanabe.yu+github@gmail.com> 2023-05-01 14:24:55 +0900
commit: e28d82512742b65c9d44273df614dceff5fb9a34 (patch)
tree: 46715e323c484a02c381f33ab51e22048521c256 /src/libsystemd
parent: 958982415808eeec956e79c4f7ca030af5af1b71 (diff)
download: systemd-e28d82512742b65c9d44273df614dceff5fb9a34.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c
index b0194e875c..d5561c9a46 100644
--- a/src/libsystemd/sd-journal/sd-journal.c
+++ b/src/libsystemd/sd-journal/sd-journal.c
@@ -2304,7 +2304,7 @@ static void journal_file_unlink_newest_by_bood_id(sd_journal *j, JournalFile *f)
                 /* There's still a member in the prioq? Then make sure the hashmap key now points to its
                  * .newest_boot_id field (and not ours!). Not we only replace the memory of the key here, the
                  * value of the key (and the data associated with it) remain the same. */
-                assert_se(hashmap_update(j->newest_by_boot_id, &nf->newest_boot_id, p) >= 0);
+                assert_se(hashmap_replace(j->newest_by_boot_id, &nf->newest_boot_id, p) >= 0);
         else {
                 assert_se(hashmap_remove(j->newest_by_boot_id, &f->newest_boot_id) == p);
                 prioq_free(p);
author	Yu Watanabe <watanabe.yu+github@gmail.com>	2023-04-30 06:57:49 +0900
committer	Yu Watanabe <watanabe.yu+github@gmail.com>	2023-05-01 14:24:55 +0900
commit	e28d82512742b65c9d44273df614dceff5fb9a34 (patch)
tree	46715e323c484a02c381f33ab51e22048521c256 /src/libsystemd
parent	958982415808eeec956e79c4f7ca030af5af1b71 (diff)
download	systemd-e28d82512742b65c9d44273df614dceff5fb9a34.tar.gz