Date: Tue, 18 Jun 2013 19:35:51 +0000 (UTC) From: "Simon J. Gerraty" <sjg@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r251958 - head/contrib/bmake Message-ID: <201306181935.r5IJZp56084248@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: sjg Date: Tue Jun 18 19:35:51 2013 New Revision: 251958 URL: http://svnweb.freebsd.org/changeset/base/251958 Log: Fix use after free bug. Parse_SetInput: curFile->fname was using the buffer passed to it - which ReadMakefile frees. This change makes the comment in ParseEOF about leaking curFile->fname true. Modified: head/contrib/bmake/parse.c Modified: head/contrib/bmake/parse.c ============================================================================== --- head/contrib/bmake/parse.c Tue Jun 18 19:03:27 2013 (r251957) +++ head/contrib/bmake/parse.c Tue Jun 18 19:35:51 2013 (r251958) @@ -157,7 +157,7 @@ __RCSID("$NetBSD: parse.c,v 1.188 2013/0 * Structure for a file being read ("included file") */ typedef struct IFile { - const char *fname; /* name of file */ + char *fname; /* name of file */ int lineno; /* current line number in file */ int first_lineno; /* line number of start of text */ int cond_depth; /* 'if' nesting when file opened */ @@ -2344,7 +2344,7 @@ Parse_SetInput(const char *name, int lin * name of the include file so error messages refer to the right * place. */ - curFile->fname = name; + curFile->fname = bmake_strdup(name); curFile->lineno = line; curFile->first_lineno = line; curFile->nextbuf = nextbuf; @@ -2357,6 +2357,8 @@ Parse_SetInput(const char *name, int lin buf = curFile->nextbuf(curFile->nextbuf_arg, &len); if (buf == NULL) { /* Was all a waste of time ... */ + if (curFile->fname) + free(curFile->fname); free(curFile); return; }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201306181935.r5IJZp56084248>