[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#11787: Potential use after free bug in coreutils 8.17
From: |
Xu Zhongxing |
Subject: |
bug#11787: Potential use after free bug in coreutils 8.17 |
Date: |
Tue, 26 Jun 2012 13:01:13 +0800 (CST) |
In Coreutils 8.17, csplit.c, static bool load_buffer (void)
On line 503 and 511, b is passed to free_buffer() twice. This could lead to a
use-after-free bug in free_buffer(): struct line *n = l->next;, where
buf->line_start is freed in the first call of free_buffer().
- Xu Zhongxing
- bug#11787: Potential use after free bug in coreutils 8.17,
Xu Zhongxing <=