[bug #55331] src/utils/hpftodit/hpftodit.cpp:577:Wmismatched-new-delete
From: Ingo Schwarze
Subject: [bug #55331] src/utils/hpftodit/hpftodit.cpp:577:Wmismatched-new-delete
Date: Mon, 31 Dec 2018 08:59:02 -0500 (EST)
User-agent: Mozilla/5.0 (X11; OpenBSD amd64; rv:63.0) Gecko/20100101 Firefox/63.0
Update of bug #55331 (project groff):
Severity: 3 - Normal => 4 - Important
Item Group: None => Incorrect behaviour
Status: None => Confirmed
Planned Release: None => 1.22.5
_______________________________________________________
Follow-up Comment #1:
Bug confirmed by code inspection. Both lines quoted by David are in the
function output_font_name(), and the code progresses linearly and
unconditionally from the "new[]" to the "delete", without any branching in or
out in between, so every invocation of the new[] is 100% certain to trigger
the bug at run time.
According to Stroustrup, mismatches of this kind can trigger
compiler-implementation-dependent undefined behaviour. So this should be
treated as a severe and potentially dangerous bug, similar to a buffer
overflow or double free, with potential for incorrect and insecure behaviour
and crashes.
So I'm setting the item group to "incorrect behaviour", the severity to
"important", and the "planned release" to 1.22.5.
The obvious fix is
- delete font_name;
+ delete[] font_name;
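Review bot: the replacement pairs delete[] with the new[] allocation that the comment above says precedes it in output_font_name(), which is the correct form; since the change is untested here, suggest at least rebuilding with the warning named in the bug title (-Wmismatched-new-delete) enabled and confirming the diagnostic at hpftodit.cpp:577 goes away, and scanning the same file for any other `delete` applied to a `new[]` buffer so the whole class is fixed in one commit.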
Unfortunately, I never used hpftodit(1) and don't even understand its purpose,
so I cannot test and hence won't commit. But if somebody else can test, you
have my OK for that fix.
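The allocation/deallocation pairing at issue, shown in an added stand-alone example that is not groff's code: a hypothetical font-name helper in the shape the comment describes (new[] a buffer, fill it, release it), with the mismatched form kept only in a comment because executing it is undefined behaviour, the corrected delete[] form, and the RAII form that makes the mismatch unwritable. Function and parameter names are assumptions.

```cpp
#include <cstring>
#include <memory>
#include <string>

// Mismatched pairing as reported (shown only as a comment, never run):
//
//   char *font_name = new char[len + 1];
//   ...
//   delete font_name;    // WRONG: array allocated with new[] needs delete[]
//
// Whether this corrupts the allocator state, leaks, or appears to work is
// implementation-dependent, which is why ASan and -Wmismatched-new-delete
// both flag it.

// Corrected raw-pointer form: new[] is released with delete[].
std::string make_font_name_raw(const char *base, const char *suffix) {
  std::size_t len = std::strlen(base) + std::strlen(suffix);
  char *font_name = new char[len + 1];
  std::strcpy(font_name, base);
  std::strcat(font_name, suffix);
  std::string result(font_name);
  delete[] font_name;  // matches the new[] above
  return result;
}

// Safer form: unique_ptr<T[]> selects delete[] itself, so the wrong
// deallocator cannot be written, and the buffer is released on every
// exit path, including exceptions thrown by std::string.
std::string make_font_name_safe(const char *base, const char *suffix) {
  std::size_t len = std::strlen(base) + std::strlen(suffix);
  std::unique_ptr<char[]> font_name(new char[len + 1]);
  std::strcpy(font_name.get(), base);
  std::strcat(font_name.get(), suffix);
  return std::string(font_name.get());
}
```

Building with -fsanitize=address reports the commented-out pairing as an alloc-dealloc-mismatch at run time, which is a practical way to test a fix like the one above without understanding the tool's full behaviour.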
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?55331>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/