bug-m4

[patch] m4 memory corruption bug


From: M. Levinson
Subject: [patch] m4 memory corruption bug
Date: Sat, 24 Feb 2007 19:30:56 -0500

The GET_STRING macro in src/freeze.c from the current CVS sources has a
trivial bug that can cause reload_frozen_state() to reuse freed memory: If
CHECK_ALLOCATION modifies the temporary pointer p to point at newly-allocated
memory, GET_STRING's original pointer Buf still points at the old block of
memory that CHECK_ALLOCATION has freed.

Below is a patch that fixes the problem, but I don't think I can provide
a test case that will demonstrate the bug in a portable way. On my system
m4 frequently segfaults when invoked with the -R option, but of course on
any other system the results for the same frozen state files will differ
depending on exactly how and when the freed memory gets reused.


--- src/freeze.c        2007/02/05 17:48:11     1.1
+++ src/freeze.c        2007/02/24 22:56:10
@@ -414,8 +414,9 @@
   do                                                           \
     {                                                          \
       size_t len = (StrLen);                                   \
-      char *p = (Buf);                                         \
-      CHECK_ALLOCATION (p, (BufSize), len);                    \
+      char *p;                                                 \
+      CHECK_ALLOCATION ((Buf), (BufSize), len);                        \
+      p = (Buf);                                               \
       while (len-- > 0)                                                \
        {                                                       \
          int ch = (version > 1 ? decode_char (File)            \
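
Review bot: the new `CHECK_ALLOCATION ((Buf), (BufSize), len);` line hands the macro argument Buf to CHECK_ALLOCATION to be modified, and `p = (Buf);` then reads it a second time, so GET_STRING is only correct when every caller passes a plain modifiable pointer variable with no side effects. Nothing in the visible lines states that requirement; suggest adding a comment above the macro saying that Buf and BufSize must be modifiable lvalues and are evaluated more than once, so a later caller does not pass an expression here.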

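The stale-pointer pattern described in the message, reduced to a self-contained C model. This is an added example, not m4's code: the body of CHECK_ALLOCATION, the memcpy standing in for the decode loop, `last_written` and `caller_sees_data` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

static char *last_written;  /* block that actually received the string */

/* Hypothetical model of CHECK_ALLOCATION: a too-small block is replaced and freed. */
#define CHECK_ALLOCATION(Where, Allocated, Needed)                   \
  do {                                                               \
    if ((Needed) + 1 > (Allocated)) {                                \
      char *fresh_ = malloc ((Needed) + 1);                          \
      if (fresh_ == NULL) abort ();                                  \
      free (Where);                                                  \
      (Where) = fresh_; (Allocated) = (Needed) + 1;                  \
    }                                                                \
  } while (0)

/* Pre-patch shape: only the local p is updated (memcpy replaces the decode loop). */
#define GET_STRING_OLD(Src, Buf, BufSize, StrLen)                    \
  do {                                                               \
    size_t len = (StrLen);                                           \
    char *p = (Buf);                                                 \
    CHECK_ALLOCATION (p, (BufSize), len);                            \
    memcpy (p, (Src), len); p[len] = '\0'; last_written = p;         \
  } while (0)

/* Post-patch shape: Buf itself is updated first, then copied into p. */
#define GET_STRING_NEW(Src, Buf, BufSize, StrLen)                    \
  do {                                                               \
    size_t len = (StrLen);                                           \
    char *p;                                                         \
    CHECK_ALLOCATION ((Buf), (BufSize), len);                        \
    p = (Buf);                                                       \
    memcpy (p, (Src), len); p[len] = '\0'; last_written = p;         \
  } while (0)

/* Returns 1 when the caller's pointer is the block that holds the string. */
int caller_sees_data (int patched, const char *src)
{
  size_t size = 4, n = strlen (src);  /* start with a deliberately small block */
  char *buf = malloc (size);
  if (buf == NULL) abort ();
  if (patched) GET_STRING_NEW (src, buf, size, n);
  else GET_STRING_OLD (src, buf, size, n);
  int ok = (uintptr_t) buf == (uintptr_t) last_written;
  free (last_written);  /* in the old shape buf may be stale, so never touch it */
  return ok;
}

int main (void) { return caller_sees_data (1, "constructed sample") ? 0 : 1; }
```

With the old shape the caller's pointer only matches when no growth was needed, which is why the failure depends on the input length and on how the allocator reuses the freed block.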


