CVE-2018-6951: An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated...
7.5
Root Cause Analysis
The vulnerability description directly points to the intuit_diff_type function in pch.c as the location of the NULL pointer dereference. The provided commit diff shows changes made to this specific function to address the issue. The patch adds a check for p_name[reverse] before it's used, which was missing previously and could lead to dereferencing a NULL pointer if p_name[reverse] was NULL during a rename or copy operation. This aligns with the 'mangled rename' issue mentioned in the description.
Based on the fetched content of the commit URL, the vulnerable function is intuit_diff_type in the file src/pch.c. The patch modifies a conditional statement within this function. The original code was p_name[! reverse] && name_is_valid (p_name[! reverse]). The fix adds a check for p_name[reverse]: p_name[reverse] && p_name[! reverse] && name_is_valid (p_name[reverse]) && name_is_valid (p_name[! reverse]). This change indicates that p_name[reverse] could have been NULL and accessed, leading to the NULL pointer dereference. The vulnerability description also explicitly mentions this function and the nature of the flaw ('mangled rename' issue).
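
The two conditions quoted above, side by side, as an added example that is not code from GNU patch or from this page's source. The helper names names_ok_before and names_ok_after, the simplified name_is_valid stand-in and the sample name arrays are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for patch's name_is_valid(); the real function
   applies its own rules. Like the checks quoted above, it expects a
   non-NULL argument. */
static bool name_is_valid(const char *name)
{
    return name[0] != '\0' && name[0] != '/';
}

/* Condition quoted as the original code: only p_name[!reverse] is tested. */
static bool names_ok_before(const char *p_name[2], bool reverse)
{
    return p_name[!reverse] && name_is_valid(p_name[!reverse]);
}

/* Condition quoted as the fix: both entries must be non-NULL and valid.
   The NULL tests come first, so name_is_valid() never receives NULL. */
static bool names_ok_after(const char *p_name[2], bool reverse)
{
    return p_name[reverse] && p_name[!reverse]
        && name_is_valid(p_name[reverse])
        && name_is_valid(p_name[!reverse]);
}

/* Constructed inputs: a rename that supplied one name, and one with both. */
static const char *mangled[2]  = { NULL, "b.txt" };
static const char *complete[2] = { "a.txt", "b.txt" };

int main(void)
{
    /* With reverse == false, p_name[reverse] is the NULL entry. */
    printf("mangled,  before fix: %s\n",
           names_ok_before(mangled, false) ? "accepted" : "rejected");
    printf("mangled,  after fix:  %s\n",
           names_ok_after(mangled, false) ? "accepted" : "rejected");
    printf("complete, after fix:  %s\n",
           names_ok_after(complete, false) ? "accepted" : "rejected");
    return 0;
}
```

The pre-fix condition accepts the pair whose p_name[reverse] entry is NULL, so any later use of that entry dereferences NULL; the post-fix condition rejects it before that point.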