[7009] fix pointer into freed area of memory bug
From: |
Gavin D. Smith |
Subject: |
[7009] fix pointer into freed area of memory bug |
Date: |
Sat, 13 Feb 2016 15:26:13 +0000 |
Revision: 7009
http://svn.sv.gnu.org/viewvc/?view=rev&root=texinfo&revision=7009
Author: gavin
Date: 2016-02-13 15:23:48 +0000 (Sat, 13 Feb 2016)
Log Message:
-----------
fix pointer into freed area of memory bug
Modified Paths:
--------------
trunk/ChangeLog
trunk/info/Makefile.am
trunk/info/nodes.c
trunk/info/nodes.h
Modified: trunk/ChangeLog
===================================================================
--- trunk/ChangeLog 2016-02-13 04:27:36 UTC (rev 7008)
+++ trunk/ChangeLog 2016-02-13 15:23:48 UTC (rev 7009)
@@ -1,5 +1,15 @@
2016-02-13 Gavin Smith <address@hidden>
+ * info/nodes.c (info_node_of_tag_ext): Don't save a pointer into
+ the file buffer in the tag table, because it could continue
+ after the file buffer was garbage collected. Change the logic
+ around so that the NODE field of the TAG structure is
+ initialized from the NODE object we return, instead of vice versa.
+ * info/nodes.h (FILE_BUFFER, TAG): Comments changed.
+ * info/t/search-split-after-index.sh: New test.
+
+2016-02-13 Gavin Smith <address@hidden>
+
* doc/texinfo.texi (Customization Variables and Options): Move
@vindex commands after @item, so that the index entries refer to
the right row of the @multitable.
Modified: trunk/info/Makefile.am
===================================================================
--- trunk/info/Makefile.am 2016-02-13 04:27:36 UTC (rev 7008)
+++ trunk/info/Makefile.am 2016-02-13 15:23:48 UTC (rev 7009)
@@ -133,6 +133,7 @@
t/xref-to-anchor.sh \
t/search-after-tag.sh \
t/split-file-menu.sh \
+ t/search-split-after-index.sh \
t/index.sh \
t/no-index.sh \
t/index-apropos.sh \
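Review bot: `t/search-split-after-index.sh` is added to the test list here, but the revision's path list names only ChangeLog, info/Makefile.am, info/nodes.c and info/nodes.h, so the script itself does not appear to be part of this commit. If the file is missing from the tree, `make check` fails on a nonexistent test and the memory fix ships without its regression test. The commit mail may simply omit added paths, so it is worth confirming that the script was added in the same revision. The test list continues outside the hunk.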
Modified: trunk/info/nodes.c
===================================================================
--- trunk/info/nodes.c 2016-02-13 04:27:36 UTC (rev 7008)
+++ trunk/info/nodes.c 2016-02-13 15:23:48 UTC (rev 7009)
@@ -1384,8 +1384,6 @@
tag_ptr = &fb->tags[node_pos];
}
- /* Get the node. */
-
/* We haven't checked the entry pointer yet. Look for the node
around about it and adjust it if necessary. */
if (tag->cache.nodelen == -1)
@@ -1396,43 +1394,49 @@
set_tag_nodelen (subfile, tag);
}
- if (!tag->cache.contents || (tag->cache.flags & N_Simple))
+ node = xmalloc (sizeof (NODE));
+ memset (node, 0, sizeof (NODE));
+ if (tag->cache.references)
{
+ /* Initialize the node from the cache. */
+ *node = tag->cache;
+ if (!node->contents)
+ {
+ node->contents = subfile->contents + tag->nodestart_adjusted;
+ node->contents += skip_node_separator (node->contents);
+ }
+ }
+ else
+ {
/* Data for node has not been generated yet. */
- NODE *cache = &tag->cache;
- cache->contents = subfile->contents + tag->nodestart_adjusted;
- cache->contents += skip_node_separator (cache->contents);
- cache->nodename = tag->nodename;
- cache->flags = tag->flags;
+ node->contents = subfile->contents + tag->nodestart_adjusted;
+ node->contents += skip_node_separator (node->contents);
+ node->nodelen = tag->cache.nodelen;
+ node->nodename = tag->nodename;
+ node->flags = tag->flags;
- cache->fullpath = parent->fullpath;
+ node->fullpath = parent->fullpath;
if (parent != subfile)
- cache->subfile = tag->filename;
+ node->subfile = tag->filename;
- if (!fast && !tag->cache.references)
+ if (fast)
+ node->flags |= N_Simple;
+ else
{
/* Read locations of references in node and similar. Strip Info file
syntax from node if preprocess_nodes=On. Adjust the offsets of
anchors that occur within the node. */
- scan_node_contents (cache, parent, tag_ptr);
- cache->flags &= ~N_Simple;
+ scan_node_contents (node, parent, tag_ptr);
+
+ if (!preprocess_nodes_p)
+ node_set_body_start (node);
+ tag->cache = *node;
+ if (!(node->flags & N_WasRewritten))
+ tag->cache.contents = 0; /* Pointer into file buffer
+ is not saved. */
}
- else
- cache->flags |= N_Simple;
-
- if (!preprocess_nodes_p)
- node_set_body_start (cache);
}
- /* Initialize the node from the tag. */
- node = xmalloc (sizeof (NODE));
- memcpy (node, &tag->cache, sizeof (NODE));
- if (!node->contents)
- {
- node->contents = subfile->contents + tag->nodestart_adjusted;
- node->contents += skip_node_separator (node->contents);
- }
-
/* We can't set this when tag table is built, because
if file is split, we don't know which of the sub-files
are compressed. */
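Review bot: `tag->cache = *node;` is a shallow struct copy, so the cache and the NODE returned to the caller share the same `references` pointer, and also the same `contents` buffer whenever N_WasRewritten is set. If any caller frees either of those when it disposes of the node, the tag table keeps the same kind of stale pointer this revision removes for the file buffer; the freeing code is not visible here, so that needs confirming. I would state the sharing at the assignment, for example `/* Shallow copy: references (and rewritten contents) are shared with the returned NODE. */`, and add which side owns them once that is confirmed. Separately, `node_set_body_start` is no longer called on the `fast` path, which looks deliberate but deserves a word in the comment. The function body starts and ends outside the hunk.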
Modified: trunk/info/nodes.h
===================================================================
--- trunk/info/nodes.h 2016-02-13 04:27:36 UTC (rev 7008)
+++ trunk/info/nodes.h 2016-02-13 15:23:48 UTC (rev 7009)
@@ -106,7 +106,7 @@
char *filename; /* The file where this node can be found. */
char *nodename; /* The node pointed to by this tag. */
long nodestart; /* The value read from the tag table. */
- long nodestart_adjusted;
+ long nodestart_adjusted; /* Where the node or anchor actually is. */
int flags; /* Same as NODE.flags. */
NODE cache; /* Saved information about pointed-to node. */
} TAG;
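Review bot: The comment on the `cache` member of TAG still reads "Saved information about pointed-to node", which does not tell a reader that the saved `contents` may be null. The nodes.c change in this revision clears `tag->cache.contents` unless N_WasRewritten is set, and it treats a non-null `cache.references` as the sign that the cache is populated; both rules belong next to the field. Something like `NODE cache; /* Saved node data; contents is 0 unless N_WasRewritten. */` would do. The struct definition begins above this hunk.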
@@ -115,9 +115,7 @@
of Info files that we have loaded at least once before. The FINFO member
is present so that we can reload the file if it has been modified since
last being loaded. All of the arrays appearing within this structure
- are NULL terminated, and each array which can change size has a
- corresponding SLOTS member which says how many slots have been allocated
- (with malloc ()) for this array. */
+ are NULL terminated. */
typedef struct {
char *filename; /* The filename used to find this file. */
char *fullpath; /* The full pathname of this info file. */