[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug-gettext] [bug #47991] memory errors in desktop_lex
|
From: |
David Shea |
|
Subject: |
[bug-gettext] [bug #47991] memory errors in desktop_lex |
|
Date: |
Mon, 23 May 2016 18:43:20 +0000 (UTC) |
|
User-agent: |
Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:46.0) Gecko/20100101 Firefox/46.0 |
Follow-up Comment #1, bug #47991 (project gettext):
I think I see what happened. Value is getting set to a position in buffer at
read-desktop.c:431, but APPEND is called after that, which reallocs buffer and
invalidates that pointer. Here's a possible patch:
diff --git a/gettext-tools/src/read-desktop.c
b/gettext-tools/src/read-desktop.c
index 417c08a..c5a9b08 100644
--- a/gettext-tools/src/read-desktop.c
+++ b/gettext-tools/src/read-desktop.c
@@ -327,7 +327,7 @@ desktop_lex (token_ty *tp)
case '5': case '6': case '7': case '8': case '9':
{
const char *locale = NULL;
- const char *value = NULL;
+ size_t value_start = 0;
for (;;)
{
APPEND (c);
@@ -428,7 +428,7 @@ desktop_lex (token_ty *tp)
break;
}
- value = &buffer[bufpos];
+ value_start = bufpos;
for (;;)
{
c = phase2_getc ();
@@ -440,7 +440,7 @@ desktop_lex (token_ty *tp)
tp->type = token_type_pair;
tp->string = xmemdup (buffer, bufpos);
tp->locale = locale;
- tp->value = value;
+ tp->value = &buffer[value_start];
return;
}
default:
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?47991>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/