Source-Changes-HG archive


[src/trunk]: src/usr.bin/m4 fix use-after-free issue.



details:   https://anonhg.NetBSD.org/src/rev/e9c3f948310d
branches:  trunk
changeset: 997790:e9c3f948310d
user:      christos <christos%NetBSD.org@localhost>
date:      Tue Mar 26 16:41:06 2019 +0000

description:
fix use-after-free issue.

diffstat:

 usr.bin/m4/main.c |  12 +++++++++---
 1 files changed, 9 insertions(+), 3 deletions(-)

diffs (35 lines):

diff -r c30be0eb75b7 -r e9c3f948310d usr.bin/m4/main.c
--- a/usr.bin/m4/main.c Tue Mar 26 16:39:50 2019 +0000
+++ b/usr.bin/m4/main.c Tue Mar 26 16:41:06 2019 +0000
@@ -1,5 +1,5 @@
 /*     $OpenBSD: main.c,v 1.77 2009/10/14 17:19:47 sthen Exp $ */
-/*     $NetBSD: main.c,v 1.47 2019/03/26 15:00:34 christos Exp $       */
+/*     $NetBSD: main.c,v 1.48 2019/03/26 16:41:06 christos Exp $       */
 
 /*-
  * Copyright (c) 1989, 1993
@@ -42,7 +42,7 @@
 #include "nbtool_config.h"
 #endif
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: main.c,v 1.47 2019/03/26 15:00:34 christos Exp $");
+__RCSID("$NetBSD: main.c,v 1.48 2019/03/26 16:41:06 christos Exp $");
 #include <assert.h>
 #include <signal.h>
 #include <getopt.h>
@@ -540,8 +540,14 @@
                                fp = sp;        /* new frame pointer */
                /*
                 * now push the string arguments:
+                * XXX: Copy the macro definition. This leaks, but too
+                * lazy to fix properly.
+                * The problem is that if we evaluate a pushdef'ed
+                * macro and then popdef it while it the definition 
+                * is still on the stack we are going to reference
+                * free memory.
                 */
-                               pushs1(macro_getdef(p)->defn);  /* defn string */
+                               pushs1(xstrdup(macro_getdef(p)->defn)); /* defn string */
                                pushs1((char *)macro_name(p));  /* macro name  */
                                pushs(ep);              /* start next..*/
 
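Review bot: The copy made by `xstrdup(macro_getdef(p)->defn)` on the changed `pushs1` line is never freed, as the new XXX comment itself admits, so each pass through this path leaks one copy of the definition string. Freeing the copy at the point where this frame's string arguments are popped would close the use-after-free without the leak; if that is deferred, the comment should say where the matching free belongs. The next line still pushes `(char *)macro_name(p)` uncopied, so it is worth confirming that the name pointer outlives a popdef of the same macro and noting why in the comment. Minor: "while it the definition" should read "while the definition", and that comment line carries trailing whitespace.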


