Hotfix heapUseAfterFree in db-create command #5470
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
droidmonkey
changed the title
droidmonkey
approved these changes
Sep 25, 2020
louib
approved these changes
Sep 26, 2020
phoerious
added a commit
that referenced
this pull request
Oct 21, 2020
Added - Add option to keep window always on top to view menu [#5542] - Move show/hide usernames and passwords to view menu [#5542] - Add command line options and environment variables for changing the config locations [#5452] - Include TOTP settings in CSV import/export and add support for ISO datetimes [#5346] Changed - Mask sensitive information in command execution confirmation prompt [#5542] - SSH Agent: Avoid shortcut conflict on macOS by changing "Add key" to Ctrl+H on all platforms [#5484] Fixed - Prevent data loss with drag and drop between databases [#5536] - Fix crash when toggling Capslock rapidly [#5545] - Don't mark URL references as invalid URL [#5380] - Reset entry preview after search [#5483] - Set Qt::Dialog flag on database open dialog [#5356] - Fix sorting of database report columns [#5426] - Fix IfDevice matching logic [#5344] - Fix layout issues and a stray scrollbar appearing on top of the entry edit screen [#5424] - Fix tabbing into the notes field [#5424] - Fix password generator ignoring settings on load [#5340] - Restore natural entry sort order on application load [#5438] - Fix paperclip and TOTP columns not saving state [#5327] - Enforce fixed password font in entry preview [#5454] - Add scrollbar when new database wizard exceeds screen size [#5560] - Do not mark database as modified when viewing Auto-Type associations [#5542] - CLI: Fix two heap-use-after-free crashes [#5368,#5470] - Browser: Fix key exchange not working with multiple simultaneous users on Windows [#5485] - Browser: Fix entry retrieval when "only best matching" is enabled [#5316] - Browser: Ignore recycle bin on KeePassHTTP migration [#5481] - KeeShare: Fix import crash [#5542] - macOS: Fix toolbar theming and breadcrumb display issues [#5482] - macOS: Fix file dialog randomly closing [#5479] - macOS: Fix being unable to select OPVault files for import [#5341]
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Upon playing around with the
importanddb-createcommands in the cli,I stumbled over another heap-use-after-free crash after the database has been created.
The crash can be reproduced with compiling the project with the cmake flag
-DWITH_ASAN=ONand using the cli
db-createcommand: e.g../keepassxc-cli db-create -k ~/exampleKeyFile ~/exampleDBThe design problem is described in #5166 and the trouble starts right after the initialization of
currentDatabasein https://github.com/keepassxreboot/keepassxc/blob/develop/src/cli/Create.cpp#L164
I am aware of this PR #5212 which would address this issue already, however since I'm not sure
about the status, I wanted to propose a quick hotfix.
If the other PR will get merged soon, feel free to close this PR.
cheers!
@phoerious I'm sorry I screwed up the rebase attempt & I created this new PR.
Type of change