Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: PATCH: use after free in setstrvalue

X-seq: zsh-workers 25926
From: Clint Adams <clint@xxxxxxx>
To: zsh-workers@xxxxxxxxxx
Subject: Re: PATCH: use after free in setstrvalue
Date: Thu, 23 Oct 2008 00:46:32 +0000
In-reply-to: <20080913081628.GA25022@xxxxxxxx>
Mail-followup-to: zsh-workers@xxxxxxxxxx
Mailing-list: contact zsh-workers-help@xxxxxxxxxx; run by ezmlm
References: <20080913081628.GA25022@xxxxxxxx>

On Sat, Sep 13, 2008 at 08:16:28AM +0000, Clint Adams wrote:
> -	    zsfree(val);
>  	    if ((v->pm->node.flags & (PM_LEFT | PM_RIGHT_B | PM_RIGHT_Z)) &&
>  		!v->pm->width)
>  		v->pm->width = strlen(val);
> +	    zsfree(val);

Should have done this one too..

Index: Src/params.c
===================================================================
RCS file: /cvsroot/zsh/zsh/Src/params.c,v
retrieving revision 1.149
diff -u -r1.149 params.c
--- Src/params.c	9 Oct 2008 13:46:45 -0000	1.149
+++ Src/params.c	23 Oct 2008 00:45:00 -0000
@@ -2253,10 +2253,10 @@
 	    mnumber mn = matheval(val);
 	    v->pm->gsu.f->setfn(v->pm, (mn.type & MN_FLOAT) ? mn.u.d :
 			       (double)mn.u.l);
-	    zsfree(val);
 	    if ((v->pm->node.flags & (PM_LEFT | PM_RIGHT_B | PM_RIGHT_Z)) &&
 		!v->pm->width)
 		v->pm->width = strlen(val);
+	    zsfree(val);
 	}
 	break;
     case PM_ARRAY:

References:
- PATCH: use after free in setstrvalue
  - From: Clint Adams

Messages sorted by: Reverse Date, Date, Thread, Author