[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug #55331] src/utils/hpftodit/hpftodit.cpp:577:Wmismatched-new-delete

From: Ingo Schwarze
Subject: [bug #55331] src/utils/hpftodit/hpftodit.cpp:577:Wmismatched-new-delete
Date: Mon, 31 Dec 2018 08:59:02 -0500 (EST)
User-agent: Mozilla/5.0 (X11; OpenBSD amd64; rv:63.0) Gecko/20100101 Firefox/63.0

Update of bug #55331 (project groff):

                Severity:              3 - Normal => 4 - Important          
              Item Group:                    None => Incorrect behaviour    
                  Status:                    None => Confirmed              
         Planned Release:                    None => 1.22.5                 


Follow-up Comment #1:

Bug confirmed by code inspection.  Both lines quoted by David are in the
function output_font_name(), and the code progresses linearily and
unconditionally from the "new[]" to the "delete", without any branching in or
out in between, so every invocation of the new[] is 100% certain to trigger
the bug at run time.

According to Stroustrup, mismatches of this kind can trigger
compiler-implementation-dependent undefined behaviour.  So this should be
treated as a severe and potentially dangerous bug, similar to a buffer
overflow or double free, with potential for incorrect and insecure behaviour
and crashes.

So i'm setting the item group to "incorrect behaviour", the severity to
"important", and the "planned release" to 1.22.5.

The obvious fix is

-  delete font_name;
+  delete[] font_name;

Unfortunately, i never used hpftodit(1) and don't even understand its purpose,
so i cannot test and hence won't commit.  But if somebody else can test, you
have my OK for that fix.


Reply to this item at:


  Message sent via Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]