From b7b2ef48e8213f80e88a49b1a90de6ac7bf207cd Mon Sep 17 00:00:00 2001
From: Zachary Hanham <z.hanham00@gmail.com>
Date: Tue, 15 Oct 2024 14:14:38 -0400
Subject: [PATCH] use slices.Clone instead of assignment

Fixes #24267

This commit replaces a potentially unsafe slice-assignment with a call to `slices.Clone`.

This could prevent a bug where `saveCommand` and `loadCommand` could end up sharing an underlying array if `parentFlags` has a cap > it's len.

Signed-off-by: Zachary Hanham <z.hanham00@gmail.com>
---
 pkg/domain/infra/abi/images.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go
index 454c48b353..930eab3c74 100644
--- a/pkg/domain/infra/abi/images.go
+++ b/pkg/domain/infra/abi/images.go
@@ -13,6 +13,7 @@ import (
 	"os/user"
 	"path"
 	"path/filepath"
+	"slices"
 	"strconv"
 	"strings"
 	"syscall"
@@ -803,7 +804,8 @@ func Transfer(ctx context.Context, source entities.ImageScpOptions, dest entitie
 // TransferRootless creates new podman processes using exec.Command and sudo, transferring images between the given source and destination users
 func transferRootless(source entities.ImageScpOptions, dest entities.ImageScpOptions, podman string, parentFlags []string) error {
 	var cmdSave *exec.Cmd
-	saveCommand, loadCommand := parentFlags, parentFlags
+	saveCommand := slices.Clone(parentFlags)
+	loadCommand := slices.Clone(parentFlags)
 	saveCommand = append(saveCommand, []string{"save"}...)
 	loadCommand = append(loadCommand, []string{"load"}...)
 	if source.Quiet {