From e92c3e977fc0035c584499fe69182c7f36b3d522 Mon Sep 17 00:00:00 2001
From: Paul Eggert
Date: Tue, 25 Oct 2016 22:49:19 -0700
Subject: [PATCH] [int] Fix stack crash and port to non-VLA
Crash reported by Michael Watters in: http://lists.gnu.org/archive/html/bug-rcs/2016-10/msg00000.html * b-fro.c: Include xalloc.h. (string_from_atat): Use xnmalloc rather than a variable-length array. VLAs (a) can crash if too big, and (b) are not supported by some C compilers. C11 no longer requires support for VLAs.
---
 src/ChangeLog | 11 +++++++++++
 src/b-fro.c | 4 +++-
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/src/ChangeLog b/src/ChangeLog
index 71069e6..7f6a1aa 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,14 @@
+2016-10-25 Paul Eggert
+
+ [int] Fix stack crash and port to non-VLA
+
+ Crash reported by Michael Watters in:
+ http://lists.gnu.org/archive/html/bug-rcs/2016-10/msg00000.html
+ * b-fro.c: Include xalloc.h.
+ (string_from_atat): Use xnmalloc rather than a variable-length array.
+ VLAs (a) can crash if too big, and (b) are not supported by some C
+ compilers. C11 no longer requires support for VLAs.
+
 2016-10-24 Thien-Thi Nguyen
 [int] Incorporate ‘normalize_arg’ into unique caller.
diff --git a/src/b-fro.c b/src/b-fro.c
index 5749798..9323552 100644
--- a/src/b-fro.c
+++ b/src/b-fro.c
@@ -33,6 +33,7 @@
 #endif
 #include
 #include "unistd-safer.h"
+#include "xalloc.h"
 #include "b-complain.h"
 #include "b-divvy.h"
 #include "b-fb.h"
@@ -381,7 +382,7 @@ string_from_atat (struct divvy *space, struct atat const *atat)
 {
 struct fro *f = atat->from;
 size_t count = atat->count;
- struct range r[count];
+ struct range *r = xnmalloc (count, sizeof *r);
 struct cbuf cb;
 size_t i;
@@ -426,6 +427,7 @@ string_from_atat (struct divvy *space, struct atat const *atat)
 break;
 }
 cb.string = finish_string (space, &cb.size);
+ free (r);
 return cb;
 }
--
2.7.4
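Review bot: The new `struct range *r = xnmalloc (count, sizeof *r);` at the top of string_from_atat carries no comment explaining why no NULL check follows or who releases the array. gnulib documents xnmalloc as checking the `count * sizeof *r` product for overflow and exiting through xalloc_die on overflow or exhaustion. A one-line comment would record that contract at the call site: `/* Scratch array; xnmalloc dies on overflow or OOM. Freed before return. */`. `count` is read from `atat->count`, which presumably tracks the contents of the file being parsed, so the comment could also note that an oversized value now ends in a controlled exit instead of a stack overflow. The body of the function continues outside this hunk.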
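Review bot: `free (r);` is added only on the final exit of string_from_atat, just before `return cb;`, and the part of the body between the allocation and this hunk is not shown. If that stretch contains an early `return` or a non-local error exit, `r` leaks on that path, which the stack-allocated array never could. If such a path exists, it should funnel through one cleanup point, for example `out: free (r); return cb;`. If there is none, a short comment next to the allocation stating that the function has a single exit would keep later edits from breaking the pairing.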