[patch] m4 memory corruption bug
From: M. Levinson
Subject: [patch] m4 memory corruption bug
Date: Sat, 24 Feb 2007 19:30:56 -0500
The GET_STRING macro in src/freeze.c from the current CVS sources has a
trivial bug that can cause reload_frozen_state() to reuse freed memory: If
CHECK_ALLOCATION modifies the temporary pointer p to point at newly-allocated
memory, GET_STRING's original pointer Buf still points at the old block of
memory that CHECK_ALLOCATION has freed.
Below is a patch that fixes the problem, but I don't think I can provide
a test case that will demonstrate the bug in a portable way. On my system
m4 frequently segfaults when invoked with the -R option, but of course on
any other system the results for the same frozen state files will differ
depending on exactly how and when the freed memory gets reused.
--- src/freeze.c 2007/02/05 17:48:11 1.1
+++ src/freeze.c 2007/02/24 22:56:10
@@ -414,8 +414,9 @@
do \
{ \
size_t len = (StrLen); \
- char *p = (Buf); \
- CHECK_ALLOCATION (p, (BufSize), len); \
+ char *p; \
+ CHECK_ALLOCATION ((Buf), (BufSize), len); \
+ p = (Buf); \
while (len-- > 0) \
{ \
int ch = (version > 1 ? decode_char (File) \
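Review bot: Since CHECK_ALLOCATION now receives (Buf) directly and, as the mail says, writes a new pointer into its first argument, every GET_STRING caller must pass an lvalue whose value may change across the call; the macro's comment should state this, because a caller that keeps its own copy of Buf would run into the same stale-pointer problem this hunk removes. Taking `p = (Buf);` only after the growth is the right ordering, as p is then read from the block that survives reallocation.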
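The aliasing error described in the mail, reduced to a stand-alone C demonstration added here (not code from the m4 sources): check_allocation, get_string_buggy, get_string_fixed and caller_pointer_is_stale are hypothetical stand-ins for the macros, and the replaced block is parked instead of freed so the stale pointer can be observed without undefined behaviour.

```c
#include <stdlib.h>
#include <string.h>
#include <stdbool.h>

/* Most recently replaced block. A real CHECK_ALLOCATION frees it; parking it
   here keeps the demo deterministic and free of undefined behaviour. */
static char *retired = NULL;
/* Hypothetical stand-in for CHECK_ALLOCATION: ensure *buf holds `need` bytes,
   moving the contents to a new block whenever it has to grow. */
static void check_allocation(char **buf, size_t *bufsize, size_t need)
{
    if (need <= *bufsize) return;
    char *fresh = malloc(need);
    memcpy(fresh, *buf, *bufsize);
    free(retired);
    retired = *buf;
    *buf = fresh;
    *bufsize = need;
}
/* Shape of the CVS GET_STRING: only the temporary p is grown, so *buf keeps
   pointing at the retired block even though *bufsize was updated. */
static void get_string_buggy(char **buf, size_t *bufsize, const char *src, size_t len)
{
    char *p = *buf;
    check_allocation(&p, bufsize, len + 1);
    memcpy(p, src, len);
    p[len] = '\0';
}
/* Shape of the patched GET_STRING: grow *buf itself, then take p from it. */
static void get_string_fixed(char **buf, size_t *bufsize, const char *src, size_t len)
{
    check_allocation(buf, bufsize, len + 1);
    char *p = *buf;
    memcpy(p, src, len);
    p[len] = '\0';
}

typedef void (*get_string_fn)(char **, size_t *, const char *, size_t);
/* Run one variant on an undersized buffer and report whether the caller's
   pointer still aliases the replaced block afterwards. */
static bool caller_pointer_is_stale(get_string_fn variant, const char *src)
{
    size_t bufsize = 4;
    char *buf = calloc(bufsize, 1);
    variant(&buf, &bufsize, src, strlen(src));
    bool stale = (buf == retired);
    if (!stale)
        free(buf);
    return stale;
}
```

With the buggy shape the caller's pointer still names the replaced block (and the updated size no longer matches it), while with the patched shape it names the block that actually holds the copied string.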