zsh-workers
 help / color / mirror / code / Atom feed
* PATCH: use after free in setstrvalue
@ 2008-09-13  8:16 Clint Adams
  2008-10-23  0:46 ` Clint Adams
  0 siblings, 1 reply; 2+ messages in thread
From: Clint Adams @ 2008-09-13  8:16 UTC (permalink / raw)
  To: zsh-workers

I don't really know what's going on here, but it's probably safer to
free val after possibly passing it to strlen().

Index: Src/params.c
===================================================================
RCS file: /cvsroot/zsh/zsh/Src/params.c,v
retrieving revision 1.145
diff -u -r1.145 params.c
--- Src/params.c	5 Sep 2008 21:02:15 -0000	1.145
+++ Src/params.c	13 Sep 2008 08:13:26 -0000
@@ -2235,10 +2235,10 @@
     case PM_INTEGER:
 	if (val) {
 	    v->pm->gsu.i->setfn(v->pm, mathevali(val));
-	    zsfree(val);
 	    if ((v->pm->node.flags & (PM_LEFT | PM_RIGHT_B | PM_RIGHT_Z)) &&
 		!v->pm->width)
 		v->pm->width = strlen(val);
+	    zsfree(val);
 	}
 	if (!v->pm->base && lastbase != -1)
 	    v->pm->base = lastbase;


^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: PATCH: use after free in setstrvalue
  2008-09-13  8:16 PATCH: use after free in setstrvalue Clint Adams
@ 2008-10-23  0:46 ` Clint Adams
  0 siblings, 0 replies; 2+ messages in thread
From: Clint Adams @ 2008-10-23  0:46 UTC (permalink / raw)
  To: zsh-workers

On Sat, Sep 13, 2008 at 08:16:28AM +0000, Clint Adams wrote:
> -	    zsfree(val);
>  	    if ((v->pm->node.flags & (PM_LEFT | PM_RIGHT_B | PM_RIGHT_Z)) &&
>  		!v->pm->width)
>  		v->pm->width = strlen(val);
> +	    zsfree(val);

Should have done this one too..

Index: Src/params.c
===================================================================
RCS file: /cvsroot/zsh/zsh/Src/params.c,v
retrieving revision 1.149
diff -u -r1.149 params.c
--- Src/params.c	9 Oct 2008 13:46:45 -0000	1.149
+++ Src/params.c	23 Oct 2008 00:45:00 -0000
@@ -2253,10 +2253,10 @@
 	    mnumber mn = matheval(val);
 	    v->pm->gsu.f->setfn(v->pm, (mn.type & MN_FLOAT) ? mn.u.d :
 			       (double)mn.u.l);
-	    zsfree(val);
 	    if ((v->pm->node.flags & (PM_LEFT | PM_RIGHT_B | PM_RIGHT_Z)) &&
 		!v->pm->width)
 		v->pm->width = strlen(val);
+	    zsfree(val);
 	}
 	break;
     case PM_ARRAY:


^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2008-10-23  0:46 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2008-09-13  8:16 PATCH: use after free in setstrvalue Clint Adams
2008-10-23  0:46 ` Clint Adams

Code repositories for project(s) associated with this public inbox

	https://git.vuxu.org/mirror/zsh/

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).