bug-gnu-utils

Re: gawk: invalid free in str2wstr()


From: Aharon Robbins
Subject: Re: gawk: invalid free in str2wstr()
Date: Thu, 04 Jan 2007 19:42:50 +0200

Greetings.

I have applied this patch also. Thanks.

Arnold

> Date: Mon, 18 Dec 2006 18:22:57 +0300
> From: "Dmitry V. Levin" <address@hidden>
> Subject: gawk: invalid free in str2wstr()
> To: address@hidden
>
> Hi,
>
> str2wstr() does a free(n->wstptr) call if n->wstptr != NULL, which is wrong:
> "n->wstptr != NULL" does not yet mean that WSTRCUR is set and
> n->wstptr is a valid malloc'ed pointer.
>
> This may lead to an invalid free, and this invalid free is reproducible
> (originally reported by Nikolay Fetisov in
> https://bugzilla.altlinux.org/show_bug.cgi?id=9785):
> $ cat in
> FOO=BAR
>
> ##
> #This_is_a_comment
> #This_is_a_comment
> $ env -i LANG=ru_RU.UTF-8 gawk '{ print match ($1,"^ *(#|$)") }' in
> 0
> 1
> 1
> 1
> *** glibc detected *** gawk: double free or corruption (fasttop): 0x08099840 ***
> ======= Backtrace: =========
> /lib/libc.so.6[0xb7ebb159]
> /lib/libc.so.6(cfree+0x7e)[0xb7ebc6b0]
> gawk(str2wstr+0x30)[0x806ee6d]
> [...]
>
> Proposed fix is attached.
>
>
> -- 
> ldv
>
> 2006-12-18  Dmitry V. Levin <address@hidden>
>
>       * node.c (str2wstr): Replace invalid `free` call with `free_wstr' call.
>
> Index: node.c
> ===================================================================
> RCS file: /sources/gawk/gawk-stable/node.c,v
> retrieving revision 1.2
> diff -u -p -r1.2 node.c
> --- node.c    11 Aug 2006 12:49:40 -0000      1.2
> +++ node.c    18 Dec 2006 14:56:56 -0000
> @@ -694,12 +694,7 @@ str2wstr(NODE *n, size_t **ptr)
>                       return n;
>               /* otherwise
>                       fall through and recompute to fill in the array */
> -     }
> -
> -     if (n->wstptr != NULL) {
> -             free(n->wstptr);
> -             n->wstptr = NULL;
> -             n->wstlen = 0;
> +             free_wstr(n);
>       }
>  
>       /*
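Review bot: the added `free_wstr(n);` sits directly under the "otherwise fall through and recompute" comment with no comment of its own, and the hunk does not show what `free_wstr` guarantees, so the invariant this fix depends on is undocumented. The removed block reset `n->wstptr = NULL` and `n->wstlen = 0` whenever the pointer was non-NULL, on every path that reached it; after the change, a path that skips the enclosing block leaves a non-NULL `n->wstptr` untouched, which is only safe if the recompute code below overwrites both fields without reading them. Suggest a one-line comment at the call stating that `wstptr` may be freed only when WSTRCUR is set, as the report explains, and confirming that `free_wstr` clears the pointer, the length and the flag together.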

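The distinction the report draws, that a non-NULL `wstptr` does not imply `WSTRCUR` is set, shown as an added C example that is not gawk code and not part of the original messages. The `node` struct, the single-buffer allocator and the shallow-copy origin of the stale pointer are assumptions made for illustration; `release_by_flag` is a hypothetical flag-checked release, not gawk's `free_wstr`.

```c
#include <stddef.h>
#include <stdio.h>

#define WSTRCUR 0x1              /* set only while wstptr is valid and owned */
typedef struct {                 /* hypothetical stand-in, not gawk's NODE */
    unsigned flags;
    wchar_t *wstptr;
    size_t   wstlen;
} node;
/* One static buffer instead of malloc, so a bad free is counted, not run. */
static wchar_t buf[16];
static int buf_live, bad_frees;
static wchar_t *buf_alloc(void) { buf_live = 1; return buf; }
static void buf_free(wchar_t *p) {
    if (p == buf && buf_live) buf_live = 0;
    else bad_frees++;            /* libc would abort here */
}
static void fill_cache(node *n, size_t len) {
    n->wstptr = buf_alloc();
    n->wstlen = len;
    n->flags |= WSTRCUR;
}
/* Assumed source of the stale pointer: a struct copy keeps the pointer value. */
static node shallow_copy(const node *src) {
    node c = *src;
    c.flags &= ~WSTRCUR;         /* the copy does not own the cache */
    return c;
}
static void release_by_pointer(node *n) {   /* pattern the patch removes */
    if (n->wstptr != NULL) { buf_free(n->wstptr); n->wstptr = NULL; n->wstlen = 0; }
}
static void release_by_flag(node *n) {      /* the flag decides ownership */
    if (n->flags & WSTRCUR) buf_free(n->wstptr);
    n->wstptr = NULL; n->wstlen = 0; n->flags &= ~WSTRCUR;
}
/* One owner plus one stale copy, both released; returns invalid frees. */
int invalid_frees(int use_flag) {
    node a = {0, NULL, 0}, b;
    bad_frees = 0;
    fill_cache(&a, 4);
    b = shallow_copy(&a);
    if (use_flag) { release_by_flag(&b); release_by_flag(&a); }
    else          { release_by_pointer(&b); release_by_pointer(&a); }
    return bad_frees;
}
int main(void) {
    printf("pointer check: %d, flag check: %d\n", invalid_frees(0), invalid_frees(1));
    return 0;
}
```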



