diff options
author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2023-04-30 06:57:49 +0900 |
---|---|---|
committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2023-05-01 14:24:55 +0900 |
commit | e28d82512742b65c9d44273df614dceff5fb9a34 (patch) | |
tree | 46715e323c484a02c381f33ab51e22048521c256 /src/libsystemd | |
parent | 958982415808eeec956e79c4f7ca030af5af1b71 (diff) | |
download | systemd-e28d82512742b65c9d44273df614dceff5fb9a34.tar.gz |
sd-journal: fix use-after-free
As commented in the code, we need to replace the pointer to the key,
hence, hashmap_replace() must be used, instead of hashmap_update().
Fixes #27459.
Diffstat (limited to 'src/libsystemd')
-rw-r--r-- | src/libsystemd/sd-journal/sd-journal.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c index b0194e875c..d5561c9a46 100644 --- a/src/libsystemd/sd-journal/sd-journal.c +++ b/src/libsystemd/sd-journal/sd-journal.c @@ -2304,7 +2304,7 @@ static void journal_file_unlink_newest_by_bood_id(sd_journal *j, JournalFile *f) /* There's still a member in the prioq? Then make sure the hashmap key now points to its * .newest_boot_id field (and not ours!). Not we only replace the memory of the key here, the * value of the key (and the data associated with it) remain the same. */ - assert_se(hashmap_update(j->newest_by_boot_id, &nf->newest_boot_id, p) >= 0); + assert_se(hashmap_replace(j->newest_by_boot_id, &nf->newest_boot_id, p) >= 0); else { assert_se(hashmap_remove(j->newest_by_boot_id, &f->newest_boot_id) == p); prioq_free(p); |