X-Seq: 25656 Date: Sat, 13 Sep 2008 08:16:28 +0000
From: Clint Adams To: zsh-workers@sunsite.dk Subject: PATCH: use after free in setstrvalue Message-ID: <20080913081628.GA25022@scru.org> Mail-Followup-To: zsh-workers@sunsite.dk MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.18 (2008-05-17) X-Virus-Scanned: ClamAV 0.92.1/8230/Sat Sep 13 02:08:14 2008 on bifrost X-Virus-Status: Clean I don't really know what's going on here, but it's probably safer to free val after possibly passing it to strlen(). Index: Src/params.c =================================================================== RCS file: /cvsroot/zsh/zsh/Src/params.c,v retrieving revision 1.145 diff -u -r1.145 params.c --- Src/params.c 5 Sep 2008 21:02:15 -0000 1.145 +++ Src/params.c 13 Sep 2008 08:13:26 -0000 @@ -2235,10 +2235,10 @@ case PM_INTEGER: if (val) { v->pm->gsu.i->setfn(v->pm, mathevali(val)); - zsfree(val); if ((v->pm->node.flags & (PM_LEFT | PM_RIGHT_B | PM_RIGHT_Z)) && !v->pm->width) v->pm->width = strlen(val); + zsfree(val); } if (!v->pm->base && lastbase != -1) v->pm->base = lastbase;
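
Review bot: The ordering of strlen(val) and zsfree(val) in the PM_INTEGER case is now what keeps the width computation from reading freed memory, but nothing in the code marks it as required. A one-line comment above the moved zsfree(val); saying that val is still read by the width assignment would keep a later edit from hoisting the free back up. The log message could also state the defect directly rather than "probably safer": before the change, val was passed to strlen() after zsfree() whenever one of PM_LEFT, PM_RIGHT_B or PM_RIGHT_Z was set and v->pm->width was zero. Only the PM_INTEGER case is visible in this hunk, so it is worth checking whether the other cases of the same switch free val before a later read.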