Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

PATCH: avoid use of variable after free in getmathfunc()

X-seq: zsh-workers 25898
From: Clint Adams <clint@xxxxxxx>
To: zsh-workers@xxxxxxxxxx
Subject: PATCH: avoid use of variable after free in getmathfunc()
Date: Tue, 14 Oct 2008 23:38:53 +0000
Mail-followup-to: zsh-workers@xxxxxxxxxx
Mailing-list: contact zsh-workers-help@xxxxxxxxxx; run by ezmlm

removemathfunc frees p (but does not set it to NULL)

Index: Src/module.c
===================================================================
RCS file: /cvsroot/zsh/zsh/Src/module.c,v
retrieving revision 1.39
diff -u -r1.39 module.c
--- Src/module.c	4 Aug 2008 15:26:32 -0000	1.39
+++ Src/module.c	14 Oct 2008 23:36:04 -0000
@@ -1266,10 +1266,11 @@
 	if (!strcmp(name, p->name)) {
 	    if (autol && p->module && !(p->flags & MFF_USERFUNC)) {
 		char *n = dupstring(p->module);
+		int flags = p->flags;
 
 		removemathfunc(q, p);
 
-		(void)ensurefeature(n, "f:", (p->flags & MFF_AUTOALL) ? NULL :
+		(void)ensurefeature(n, "f:", (flags & MFF_AUTOALL) ? NULL :
 				    name);
 
 		return getmathfunc(name, 0);

Messages sorted by: Reverse Date, Date, Thread, Author