Re: [PATCH] gawk 3.1.8: Fix double free error in free_wstr
From: Aharon Robbins
Subject: Re: [PATCH] gawk 3.1.8: Fix double free error in free_wstr
Date: Mon, 01 Nov 2010 22:18:16 +0200
User-agent: Heirloom mailx 12.4 7/29/08

Hi. Thanks for the patch and test case.
I'll get these into the CVS soon, probably this week.
Arnold
> Date: Mon, 1 Nov 2010 12:12:00 -0400 (EDT)
> From: Vojtech Vitek <address@hidden>
> To: address@hidden
> Cc: Ondrej Vasik <address@hidden>
> Subject: [PATCH] gawk 3.1.8: Fix double free error in free_wstr
>
> Hi,
>
> I'm sending you a patch for the double free error in free_wstr, reported here:
> https://bugzilla.redhat.com/show_bug.cgi?id=629196
>
> The bug is reproducible simply by running:
> $ echo -e "\n" | gawk '{ if (!length($1)) $1=""; }'
>
> The bug appears at least in versions 3.1.8 and 3.1.70 (which is the current
> head of CVS gawk-devel). The patch should be applicable to both.
> $ patch -p0 < gawk-3.1.8-double_free_wstptr.patch
>
>
> Index: node.c
> ===================================================================
> RCS file: /sources/gawk/gawk-devel/node.c,v
> retrieving revision 1.3
> diff -u -r1.3 node.c
> --- node.c 6 May 2010 19:00:58 -0000 1.3
> +++ node.c 27 Oct 2010 17:56:49 -0000
> @@ -758,6 +758,15 @@
>
> assert((n->flags & (STRING|STRCUR)) != 0);
>
> + /*
> + * Don't convert global null string or global null field
> + * variables to a wide string. They are both zero-length anyway.
> + * This also avoids future double-free errors while releasing
> + * shallow copies, eg. *tmp = *Null_field; free_wstr(tmp);
> + */
> + if (n == Nnull_string || n == Null_field)
> + return n;
> +
> if ((n->flags & WSTRCUR) != 0) {
> if (ptr == NULL)
> return n;
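
Review bot: the new early return at `if (n == Nnull_string || n == Null_field)` sits before the `WSTRCUR` test, so for these two nodes the function now returns without `WSTRCUR` being set by this path; the comment should say what callers may assume about the wide-string fields of the returned node in that case, since nothing in this hunk establishes them beyond "zero-length anyway". The check is also by pointer identity, so a shallow copy like the `*tmp = *Null_field` in the comment does not match it directly and is protected only because the original is never given a wide buffer here that the copy could share; saying that explicitly would make the intent easier to maintain. Minor style point: "eg." in the comment should be "e.g.".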
>
> Regards, Vojtech
> --
> Vojtech Vitek (V-Teq) <address@hidden>
> GPG 5FF0B464