[PATCH 10/41] libpipe: Fix use-after-realloc

bug-hurd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 10/41] libpipe: Fix use-after-realloc

From:	Sergey Bugaev
Subject:	[PATCH 10/41] libpipe: Fix use-after-realloc
Date:	Tue, 9 May 2023 00:31:05 +0300

We cannot use old_buf after we realloc it, even just for subtracting it
from another pointer. Instead, compute the offsets in advance.
---
 libpipe/pq.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/libpipe/pq.c b/libpipe/pq.c
index af380274..fff03e67 100644
--- a/libpipe/pq.c
+++ b/libpipe/pq.c
@@ -193,20 +193,21 @@ packet_extend (struct packet *packet, size_t new_len)
     /* A malloc'd packet.  */
     {
       char *new_buf;
-      char *old_buf = packet->buf;
+      ptrdiff_t start_offset = packet->buf_start - packet->buf;
+      ptrdiff_t end_offset = packet->buf_end - packet->buf;
 
       if (new_len >= PACKET_SIZE_LARGE)
        /* The old packet length is malloc'd, but we want to vm_allocate the
           new length, so we'd have to copy the old contents.  */
        return 0;
 
-      new_buf = realloc (old_buf, new_len);
+      new_buf = realloc (packet->buf, new_len);
       if (! new_buf)
        return 0;
 
       packet->buf = new_buf;
-      packet->buf_start = new_buf + (packet->buf_start  - old_buf);
-      packet->buf_end = new_buf + (packet->buf_end  - old_buf);
+      packet->buf_start = new_buf + start_offset;
+      packet->buf_end = new_buf + end_offset;
     }
 
   packet->buf_len = new_len;
-- 
2.40.1

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH 01/41] libshouldbeinlibc: Port to x86_64, (continued)
- [PATCH 03/41] libiohelp: Port to x86_64, Sergey Bugaev, 2023/05/08
- [PATCH 04/41] libfshelp: Port to x86_64, Sergey Bugaev, 2023/05/08
- [PATCH 06/41] libtrivfs: Port to x86_64, Sergey Bugaev, 2023/05/08
- [PATCH 09/41] libstore: Port to x86_64, Sergey Bugaev, 2023/05/08
- [PATCH 05/41] libfshelp-tests: Port to x86_64, Sergey Bugaev, 2023/05/08
- [PATCH 07/41] libnetfs: Port to x86_64, Sergey Bugaev, 2023/05/08
- [PATCH 13/41] libmachdev: Port to x86_64, Sergey Bugaev, 2023/05/08
- [PATCH 08/41] libdiskfs: Port to x86_64, Sergey Bugaev, 2023/05/08
- [PATCH 10/41] libpipe: Fix use-after-realloc, Sergey Bugaev <=
- [PATCH 12/41] libps: Silence a warning, Sergey Bugaev, 2023/05/08
  - Re: [PATCH 12/41] libps: Silence a warning, Samuel Thibault, 2023/05/09
    - Re: [PATCH 12/41] libps: Silence a warning, Jessica Clarke, 2023/05/09
    - Re: [PATCH 12/41] libps: Silence a warning, Samuel Thibault, 2023/05/09
- [PATCH 11/41] libps: Port to x86_64, Sergey Bugaev, 2023/05/08
- [PATCH 32/41] tmpfs: Port to x86_64, Sergey Bugaev, 2023/05/08
- [PATCH 29/41] pflocal: Port to x86_64, Sergey Bugaev, 2023/05/08
- [PATCH 14/41] utils: Port to x86_64, Sergey Bugaev, 2023/05/08
- [PATCH 17/41] proc: Port to x86_64, Sergey Bugaev, 2023/05/08
- [PATCH 16/41] auth: Port to x86_64, Sergey Bugaev, 2023/05/08

Prev by Date: [PATCH 08/41] libdiskfs: Port to x86_64
Next by Date: [PATCH 12/41] libps: Silence a warning
Previous by thread: [PATCH 08/41] libdiskfs: Port to x86_64
Next by thread: [PATCH 12/41] libps: Silence a warning
Index(es):
- Date
- Thread