[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] gawk 3.1.8: Fix double free error in free_wstr
|
From: |
Vojtech Vitek |
|
Subject: |
[PATCH] gawk 3.1.8: Fix double free error in free_wstr |
|
Date: |
Mon, 1 Nov 2010 12:12:00 -0400 (EDT) |
Hi,
I'm sending you patch for double free error in free_wstr, reported here:
https://bugzilla.redhat.com/show_bug.cgi?id=629196
Bug is reproducible simply by running:
$ echo -e "\n" | gawk '{ if (!length($1)) $1=""; }'
Bug appears at least in versions 3.1.8 and 3.1.70 (which is current
head of CVS gawk-devel). Patch should be applicable to both.
$ patch -p0 < gawk-3.1.8-double_free_wstptr.patch
Index: node.c
===================================================================
RCS file: /sources/gawk/gawk-devel/node.c,v
retrieving revision 1.3
diff -u -r1.3 node.c
--- node.c 6 May 2010 19:00:58 -0000 1.3
+++ node.c 27 Oct 2010 17:56:49 -0000
@@ -758,6 +758,15 @@
assert((n->flags & (STRING|STRCUR)) != 0);
+ /*
+ * Don't convert global null string or global null field
+ * variables to a wide string. They are both zero-length anyway.
+ * This also avoids future double-free errors while releasing
+ * shallow copies, eg. *tmp = *Null_field; free_wstr(tmp);
+ */
+ if (n == Nnull_string || n == Null_field)
+ return n;
+
if ((n->flags & WSTRCUR) != 0) {
if (ptr == NULL)
return n;
Regards, Vojtech
--
Vojtech Vitek (V-Teq) <address@hidden>
GPG 5FF0B464
gawk-3.1.8-double_free_wstptr.patch
Description: Text Data
- [PATCH] gawk 3.1.8: Fix double free error in free_wstr,
Vojtech Vitek <=