Bug in make-3.81: variable_buffer moves out from under buffer

[David Wuertele]

I have a very convoluted makefile that triggers what I believe to be a bug in
make-3.81.  I have looked through the savannah buglist and did not find anything
that resembles it.  What I am looking for is some help writing a makefile that
is simple enough to post in a bug report.

The problem is in expand_deps() in file.c, line 545:

  char *o = patsubst_expand (buffer, d->stem, pattern,
                             dp->name, pattern+1,
                             percent+1);

  if (o == buffer)
    dp->name[0] = '\0';
  else
    {
      free (dp->name);
      dp->name = savestring (buffer, o - buffer);
    }

In the above, the patsubst_expand function calls variable_buffer_output() with
buffer as the head of the string to write to.  But if variable_buffer_length is
not long enough to hold what patsubst_expand wants to write,
variable_buffer_output() will xrealloc() buffer to a different size, which could
result in the original contents of buffer getting moved to a different address.

In this rare case (that I am unable to trigger except in my unpostably
convoluted makefile), the expand_deps() code I quoted above calls savestring()
on the original value of buffer, which is an address that got freed when
xrealloc moved its original contents.  Thus, garbage gets saved in dp->name.

I have fixed this bug with the following patch.  Comments?

Dave

--- make-3.81/file.c~   2006-03-17 06:24:20.000000000 -0800
+++ make-3.81/file.c    2009-01-16 13:40:30.000000000 -0800
@@ -545,6 +545,9 @@
                       char *o = patsubst_expand (buffer, d->stem, pattern,
                                                  dp->name, pattern+1,
                                                  percent+1);
+
+                     buffer = variable_buffer;
+
                       if (o == buffer)
                         dp->name[0] = '\0';
                       else