Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/usr.bin/indent indent: prevent use-after-free bug
details: https://anonhg.NetBSD.org/src/rev/8bcdc4ce1d10
branches: trunk
changeset: 1026318:8bcdc4ce1d10
user: rillig <rillig%NetBSD.org@localhost>
date: Thu Nov 18 23:26:58 2021 +0000
description:
indent: prevent use-after-free bug
Triggered by the following artificial program:
---- snip ----
int *
f
( void)
{
}
---- snap ----
diffstat:
usr.bin/indent/lexi.c | 10 +++++++---
1 files changed, 7 insertions(+), 3 deletions(-)
diffs (32 lines):
diff -r dcbb509182ca -r 8bcdc4ce1d10 usr.bin/indent/lexi.c
--- a/usr.bin/indent/lexi.c Thu Nov 18 23:06:51 2021 +0000
+++ b/usr.bin/indent/lexi.c Thu Nov 18 23:26:58 2021 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: lexi.c,v 1.138 2021/11/07 18:26:17 rillig Exp $ */
+/* $NetBSD: lexi.c,v 1.139 2021/11/18 23:26:58 rillig Exp $ */
/*-
* SPDX-License-Identifier: BSD-4-Clause
@@ -43,7 +43,7 @@
#include <sys/cdefs.h>
#if defined(__NetBSD__)
-__RCSID("$NetBSD: lexi.c,v 1.138 2021/11/07 18:26:17 rillig Exp $");
+__RCSID("$NetBSD: lexi.c,v 1.139 2021/11/18 23:26:58 rillig Exp $");
#elif defined(__FreeBSD__)
__FBSDID("$FreeBSD: head/usr.bin/indent/lexi.c 337862 2018-08-15 18:19:45Z pstef $");
#endif
@@ -708,8 +708,12 @@
while (isalpha((unsigned char)*tp) ||
isspace((unsigned char)*tp)) {
- if (++tp >= inp.e)
+ if (++tp >= inp.e) {
+ const char *s_before = inp.s;
inp_read_line();
+ if (inp.s != s_before)
+ abort();
+ }
}
if (*tp == '(')
ps.procname[0] = ' ';
Home |
Main Index |
Thread Index |
Old Index