Re: gawk: other double free(

bug-gnu-utils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: gawk: other double free(_wstr)

From:	Aharon Robbins
Subject:	Re: gawk: other double free(_wstr)
Date:	Sat, 27 Jan 2007 21:27:14 +0200

Zeroizing n in rebuild record won't hurt anything. I'm not sure it's
necessary either, though.

More and more I'm starting to lean towards the idea of just having getnode()
do a memset(n, '\0', sizeof(NODE)) and then not having to worry.

I will consider this patch a bit more.

Thanks,

Arnold

> Date: Fri, 12 Jan 2007 12:46:39 +0100
> From: Karel Zak <address@hidden>
> Subject: Re: gawk: other double free(_wstr)
> To: address@hidden
>
> On Fri, Jan 12, 2007 at 11:46:58AM +0100, Karel Zak wrote:
> > 
> >> 
> >  The problem is probably somewhere around rebuild_record(), because it
> >  calls unref() (which correctly deallocates wstptr), but then the 
> >  rebuild_record() reassigns deallocated wstptr back to fields_arr[i]:
> > 
> >      n->stptr = cops;
> >      unref(fields_arr[i]);   <--- free( fields_arr[i]->wstptr )
> >      fields_arr[i] = n;      <--- deallocated wstptr is back 
> >  
> >  I'm not sure how correctly fix the problem, maybe the "n"
> >  should be without WSTRCUR flag before reassigning to fields_arr[i]. 
> > 
> >      n->flags &= ~(MALLOC|TEMP|PERM|STRING|CURSTR|WCURSTR);
> >                                           ^^^^^^^^^^^^^^^
>
>  BTW, in the original Aharon's patch
>  
>     Fri Mar 10 06:28:23 2006  Arnold D. Robbins  <address@hidden>
>  
>  was:
>
>                       n->stptr = cops;
> +                     free_wstr(n);            
>                       unref(fields_arr[i]);
>                       fields_arr[i] = n;
>
>  (but there wasn't free_wstr() in unref())
>
>  I think the "n" should be still zeroized in rebuild_record() :
>
>             n->stptr = cops;
>             unref(fields_arr[i]);
> +           n->wstptr = NULL;
> +           n->wstlen = 0;
> +           n->flag &= ~WCURSTR;
>             fields_arr[i] = n;
>
>
>   Karel
>
>
> -- 
>  Karel Zak  <address@hidden>
>
>
> #####################################################################################
> This Mail Was Scanned by 012.net AntiVirus Service4- Powered by TrendMicro 
> Interscan
>

[Prev in Thread]

Current Thread

[Next in Thread]

Re: gawk: other double free(_wstr), (continued)
- Re: gawk: other double free(_wstr), Aharon Robbins, 2007/01/13
  - Re: gawk: other double free(_wstr), Andrew J. Schorr, 2007/01/13
    - Re: gawk: other double free(_wstr), Karel Zak, 2007/01/15
    - Re: gawk: other double free(_wstr), Andrew J. Schorr, 2007/01/15
    - Re: gawk: other double free(_wstr), Karel Zak, 2007/01/15
    - Re: gawk: other double free(_wstr), Andrew J. Schorr, 2007/01/15
    - Re: gawk: other double free(_wstr), Karel Zak, 2007/01/15
- Re: gawk: other double free(_wstr), Aharon Robbins, 2007/01/13
- Re: gawk: other double free(_wstr), Aharon Robbins, 2007/01/16
- Re: gawk: other double free(_wstr), Aharon Robbins, 2007/01/18
- Re: gawk: other double free(_wstr), Aharon Robbins <=

Prev by Date: Re: gawk: invalid read and write
Next by Date: Re: gawk: invalid read and write
Previous by thread: Re: gawk: other double free(_wstr)
Next by thread: Re: gawk: do_match() invalid read
Index(es):
- Date
- Thread