From a7e2650205b014db375fca3b0cdef9e4b316d0a1 Mon Sep 17 00:00:00 2001
From: Daniel Hast
Date: Fri, 29 Aug 2025 14:17:15 -0400
Subject: [PATCH] fix: double free in checkout_tree_at_recurse

Both `xattrs` and `modified_xattrs` are declared with `g_autoptr`, but `xattrs` is later simply assigned to be equal to `modified_xattrs`, meaning the automatic cleanup is a double-free. This is fixed by instead using `g_steal_pointer` to assign the old value of `xattrs` to a temporary variable, which is used to create the new value. I believe this is the cause of issue #3303, and this should fix #3303. (I can consistently reproduce the issue by attempting to deploy a rechunked image with bootc, and with this patch, the issue no longer occurs and the deployment succeeds.)
Signed-off-by: Daniel Hast
---
 src/libostree/ostree-repo-checkout.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/libostree/ostree-repo-checkout.c b/src/libostree/ostree-repo-checkout.c
index ccddb488..aa32ff4a 100644
--- a/src/libostree/ostree-repo-checkout.c
+++ b/src/libostree/ostree-repo-checkout.c
@@ -997,7 +997,6 @@ checkout_tree_at_recurse (OstreeRepo *self, OstreeRepoCheckoutAtOptions *options
 g_autoptr (GVariant) dirtree = NULL;
 g_autoptr (GVariant) dirmeta = NULL;
 g_autoptr (GVariant) xattrs = NULL;
- g_autoptr (GVariant) modified_xattrs = NULL;
 if (!ostree_repo_load_variant (self, OSTREE_OBJECT_TYPE_DIR_TREE, dirtree_checksum, &dirtree, error))
@@ -1055,8 +1054,8 @@ checkout_tree_at_recurse (OstreeRepo *self, OstreeRepoCheckoutAtOptions *options
 if (sepolicy_enabled && _ostree_sepolicy_host_enabled (options->sepolicy))
 {
 /* We'll set the xattr via setfscreatecon(), so don't do it via generic xattrs below. */
- modified_xattrs = _ostree_filter_selinux_xattr (xattrs);
- xattrs = modified_xattrs;
+ g_autoptr (GVariant) old_xattrs = g_steal_pointer (&xattrs);
+ xattrs = _ostree_filter_selinux_xattr (old_xattrs);
 if (!_ostree_sepolicy_preparefscreatecon (&fscreatecon, options->sepolicy, state->selabel_path_buf->str, mode, error))
-- 
2.30.2
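Review bot: The two added lines after the setfscreatecon comment are only safe if `_ostree_filter_selinux_xattr` returns either NULL or a reference the caller owns, and never hands back its argument without taking a new ref; that helper is defined outside this hunk, so this should be confirmed, because otherwise `old_xattrs` and `xattrs` would alias again and both cleanups would unref the same GVariant. I would record the contract at the call site, e.g. `/* Returns a new reference (or NULL); the stolen original is released when old_xattrs leaves this block. */`, so a later refactor does not reintroduce the aliasing. The commit touches only this file, so a test that drives the SELinux-enabled checkout path under AddressSanitizer or valgrind would keep the double unref from coming back unnoticed. checkout_tree_at_recurse starts and ends outside the hunk.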