Date: Sat, 16 Jun 2012 13:10:22 +0000 (UTC) From: Konstantin Belousov <kib@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r237159 - head/lib/libc/gen Message-ID: <201206161310.q5GDAMlC045747@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kib Date: Sat Jun 16 13:10:22 2012 New Revision: 237159 URL: http://svn.freebsd.org/changeset/base/237159 Log: Revert part of the r235740 which changed separate allocation of the string buffer for each linelist l_line into one large string. Since linelists parsed out during the previous passes store the pointers to previously allocated l_lines, the reallocation caused undefined behaviour on accessing the buffers, and quite deterministic fault on freeing them (in mountd(8) startup). This fixes reading of netgroup(5) file which contains more then one netgroup. Discussed with: ghelmer MFC after: 3 days Modified: head/lib/libc/gen/getnetgrent.c Modified: head/lib/libc/gen/getnetgrent.c ============================================================================== --- head/lib/libc/gen/getnetgrent.c Sat Jun 16 12:56:36 2012 (r237158) +++ head/lib/libc/gen/getnetgrent.c Sat Jun 16 13:10:22 2012 (r237159) @@ -538,7 +538,7 @@ parse_netgrp(const char *group) static struct linelist * read_for_group(const char *group) { - char *pos, *spos, *linep; + char *linep, *olinep, *pos, *spos; int len, olen; int cont; struct linelist *lp; @@ -615,15 +615,20 @@ read_for_group(const char *group) } else cont = 0; if (len > 0) { - linep = reallocf(linep, olen + len + 1); + linep = malloc(olen + len + 1); if (linep == NULL) { free(lp->l_groupname); free(lp); return (NULL); } + if (olen > 0) { + bcopy(olinep, linep, olen); + free(olinep); + } bcopy(pos, linep + olen, len); olen += len; *(linep + olen) = '\0'; + olinep = linep; } if (cont) { if (fgets(line, LINSIZ, netf)) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201206161310.q5GDAMlC045747>