List-Id: Zsh Workers List
X-Seq: 43037
From: Sebastian Gniazdowski
Date: Sun, 17 Jun 2018 16:39:15 +0200
Subject: [PATCH] Fortify zrealloc append to arrays
To: Zsh hackers list

Hello,
one user of my project reports a crash with a message about realloc() when pasting:

    $ openssl req -new -newkey rsa:4096 > regisrealloc(): invalid old size
    Connection to localhost closed.

I looked at my code that introduced realloc() to array appends. It seems that its correctness is guarded by this: before the patch, the old pointer (old array) was subject to arrsetfn, which does freearray(). So if the string can be freed, it can for sure be realloc()-ed.

That said, I have a patch that checks that the old pointer isn't nullarray (a static variable) and that the parameter has the standard getter. A fortification, to sleep better.
--
Best regards,
Sebastian Gniazdowski

Attachment: append_nular_fortify.diff.txt (text/plain, base64-encoded)
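The guard described in the message above, modelled as a small stand-alone C program. This is an added example, not the zsh source and not the attached patch; `empty_sentinel`, `get_array`, `array_len` and `append_string` are hypothetical stand-ins for the static nullarray, the standard getter and the realloc-based append.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a static "empty array" sentinel: a
 * NULL-terminated array of zero strings that was never malloc()ed. */
static char *empty_sentinel = NULL;

/* Getter: hand out the sentinel when nothing has been allocated yet. */
char **get_array(char **stored) { return stored ? stored : &empty_sentinel; }

size_t array_len(char **arr)
{
    size_t n = 0;
    while (arr[n]) n++;
    return n;
}

/* Append a copy of s. realloc() is used only when old is heap-owned; the
 * static sentinel takes the allocate-fresh path. Returns the new array,
 * or NULL on allocation failure (old is left untouched). */
char **append_string(char **old, const char *s)
{
    size_t n = array_len(old), len = strlen(s) + 1;
    char *copy = malloc(len);
    char **grown;

    if (!copy) return NULL;
    memcpy(copy, s, len);
    if (old != &empty_sentinel)
        grown = realloc(old, sizeof(char *) * (n + 2));
    else
        grown = malloc(sizeof(char *) * (n + 2)); /* never realloc static storage */
    if (!grown) { free(copy); return NULL; }
    grown[n] = copy;
    grown[n + 1] = NULL;
    return grown;
}

int main(void)
{
    char **a = get_array(NULL);                  /* starts as the sentinel */
    if (!(a = append_string(a, "one"))) return 1; /* malloc path */
    if (!(a = append_string(a, "two"))) return 1; /* realloc path */
    printf("%zu elements: %s %s\n", array_len(a), a[0], a[1]);
    return 0;
}
```

Without the `old != &empty_sentinel` comparison, the first append would pass the address of a static variable to realloc(), which is the class of error the allocator reports as "invalid old size".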