From 0a1c3e548f8ad5adc272538d2638ed1c8413fe11 Mon Sep 17 00:00:00 2001
From: Marek Blaha <mblaha@redhat.com>
Date: Mon, 11 Nov 2024 14:29:08 +0100
Subject: [PATCH] repo: Fix invalid free()

Check the solv_read_userdata() return code before creating a unique_ptr
with SolvUserdata.
In case the solv_read_userdata() failed, the solv_free would be called
on unitialized data causing undefined behavior.

Resolves: https://github.com/rpm-software-management/dnf5/issues/1845
---
 libdnf5/repo/solv_repo.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libdnf5/repo/solv_repo.cpp b/libdnf5/repo/solv_repo.cpp
index 67025e452..78657e1d4 100644
--- a/libdnf5/repo/solv_repo.cpp
+++ b/libdnf5/repo/solv_repo.cpp
@@ -84,13 +84,13 @@ bool SolvRepo::can_use_solvfile_cache(solv::Pool & pool, fs::File & solvfile_cac
     int dnf_solv_userdata_len_read;
 
     int ret_code = solv_read_userdata(solvfile_cache.get(), &dnf_solv_userdata_read, &dnf_solv_userdata_len_read);
-    std::unique_ptr<SolvUserdata, decltype(&solv_free)> solv_userdata(
-        reinterpret_cast<SolvUserdata *>(dnf_solv_userdata_read), &solv_free);
     if (ret_code != 0) {
         logger.warning(
             ("Failed to read solv userdata: \"{}\": for: {}"), pool_errstr(*pool), solvfile_cache.get_path().native());
         return false;
     }
+    std::unique_ptr<SolvUserdata, decltype(&solv_free)> solv_userdata(
+        reinterpret_cast<SolvUserdata *>(dnf_solv_userdata_read), &solv_free);
 
     if (dnf_solv_userdata_len_read != SOLV_USERDATA_SIZE) {
         logger.warning(