[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gawk-diffs] [SCM] gawk branch, master, updated. gawk-4.1.0-3820-g0d7384
From: |
Arnold Robbins |
Subject: |
[gawk-diffs] [SCM] gawk branch, master, updated. gawk-4.1.0-3820-g0d7384c |
Date: |
Sun, 1 Sep 2019 14:30:09 -0400 (EDT) |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "gawk".
The branch, master has been updated
via 0d7384c6db25f830ac8710b3046375fee930c4d6 (commit)
from 5c41849e0e78e45db0dc4421f1779ef7bec726da (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://git.sv.gnu.org/cgit/gawk.git/commit/?id=0d7384c6db25f830ac8710b3046375fee930c4d6
commit 0d7384c6db25f830ac8710b3046375fee930c4d6
Author: Arnold D. Robbins <address@hidden>
Date: Sun Sep 1 21:29:52 2019 +0300
Fix use-after-free issues in profile.c.
diff --git a/ChangeLog b/ChangeLog
index 54bc721..081f07d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2019-09-01 Arnold D. Robbins <address@hidden>
+
+ * profile.c (pp_list, pp_concat): Fix use-after-free errors
+ in both routines. Thanks to valgrind and Andy's MEMDEBUG code.
+
2019-09-01 Andrew J. Schorr <address@hidden>
* awk.h (block_header): Add cnt field even when MEMDEBUG is not
diff --git a/profile.c b/profile.c
index 910a821..8cc19f1 100644
--- a/profile.c
+++ b/profile.c
@@ -1786,30 +1786,31 @@ pp_list(int nargs, const char *paren, const char *delim)
s = str;
if (paren != NULL)
*s++ = paren[0];
- if (nargs > 0) {
- r = pp_args[nargs];
+
+ for (i = nargs; i > 0; i--) {
+ // argument
+ r = pp_args[i];
memcpy(s, r->pp_str, r->pp_len);
s += r->pp_len;
- pp_free(r);
- for (i = nargs - 1; i > 0; i--) {
- if (delimlen > 0) {
- memcpy(s, delim, delimlen);
- s += delimlen;
- }
- if (r->pp_comment != NULL) {
- check_indent_level();
- comment = (INSTRUCTION *) r->pp_comment;
- memcpy(s, comment->memory->stptr,
comment->memory->stlen);
- s += comment->memory->stlen;
- memcpy(s, tabs, indent_level + 1);
- s += indent_level + 1;
- }
- r = pp_args[i];
- memcpy(s, r->pp_str, r->pp_len);
- s += r->pp_len;
- pp_free(r);
+
+ // delimiter
+ if (i > 1 && delimlen > 0) {
+ memcpy(s, delim, delimlen);
+ s += delimlen;
+ }
+
+ // comment if any
+ if (r->pp_comment != NULL) {
+ check_indent_level();
+ comment = (INSTRUCTION *) r->pp_comment;
+ memcpy(s, comment->memory->stptr,
comment->memory->stlen);
+ s += comment->memory->stlen;
+ memcpy(s, tabs, indent_level + 1);
+ s += indent_level + 1;
}
+ pp_free(r);
}
+
if (paren != NULL)
*s++ = paren[1];
*s = '\0';
@@ -1846,7 +1847,7 @@ pp_concat(int nargs)
/*
* items are on the stack in reverse order that they
- * will be printed to pop them off backwards.
+ * will be printed so pop them off backwards.
*/
len = -delimlen;
@@ -1887,7 +1888,6 @@ pp_concat(int nargs)
memcpy(s, r->pp_str, r->pp_len);
s += r->pp_len;
}
- pp_free(r);
if (i < nargs) {
*s++ = ' ';
@@ -1909,7 +1909,10 @@ pp_concat(int nargs)
memcpy(s, r->pp_str, r->pp_len);
s += r->pp_len;
}
- pp_free(r);
+
+ for (i = nargs; i >= 1; i--) {
+ pp_free(pp_args[i]);
+ }
*s = '\0';
return str;
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 5 +++++
profile.c | 49 ++++++++++++++++++++++++++-----------------------
2 files changed, 31 insertions(+), 23 deletions(-)
hooks/post-receive
--
gawk
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [gawk-diffs] [SCM] gawk branch, master, updated. gawk-4.1.0-3820-g0d7384c,
Arnold Robbins <=