Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/usr.bin/xlint/lint1 PR/44235: Martin Husemann: Fix core dump...

details:   https://anonhg.NetBSD.org/src/rev/f0e9f2f367bd
branches:  trunk
changeset: 759874:f0e9f2f367bd
user:      christos <christos%NetBSD.org@localhost>
date:      Sat Dec 18 20:57:41 2010 +0000

description:
PR/44235: Martin Husemann: Fix core dump due to memory corruption.
Found by Henning Petersen

diffstat:

 usr.bin/xlint/lint1/tree.c |  26 ++++++++++++++------------
 1 files changed, 14 insertions(+), 12 deletions(-)

diffs (47 lines):

diff -r 95f62d7fc641 -r f0e9f2f367bd usr.bin/xlint/lint1/tree.c
--- a/usr.bin/xlint/lint1/tree.c        Sat Dec 18 18:22:24 2010 +0000
+++ b/usr.bin/xlint/lint1/tree.c        Sat Dec 18 20:57:41 2010 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: tree.c,v 1.65 2010/11/24 17:51:11 christos Exp $       */
+/*     $NetBSD: tree.c,v 1.66 2010/12/18 20:57:41 christos Exp $       */
 
 /*
  * Copyright (c) 1994, 1995 Jochen Pohl
@@ -37,7 +37,7 @@
 
 #include <sys/cdefs.h>
 #if defined(__RCSID) && !defined(lint)
-__RCSID("$NetBSD: tree.c,v 1.65 2010/11/24 17:51:11 christos Exp $");
+__RCSID("$NetBSD: tree.c,v 1.66 2010/12/18 20:57:41 christos Exp $");
 #endif
 
 #include <stdlib.h>
@@ -4011,16 +4011,18 @@
        len2 = strg2->st_len + 1;       /* + NUL */
        len = len1 + len2;
 
-       if (strg1->st_tspec == CHAR) {
-               strg1->st_cp = xrealloc(strg1->st_cp, len);
-               (void)memcpy(strg1->st_cp + len1, strg2->st_cp, len2);
-               free(strg2->st_cp);
-       } else {
-               strg1->st_wcp = xrealloc(strg1->st_wcp, sizeof(*strg1->st_wcp));
-               (void)memcpy(strg1->st_wcp + len1, strg2->st_wcp,
-                   len2 * sizeof(*strg1->st_wcp));
-               free(strg2->st_wcp);
-       }
+#define COPY(F) \
+    do { \
+       strg1->F = xrealloc(strg1->F, len * sizeof(*strg1->F)); \
+       (void)memcpy(strg1->F + len1, strg2->F, len2 * sizeof(*strg1->F)); \
+       free(strg2->F); \
+    } while (/*CONSTCOND*/0)
+
+       if (strg1->st_tspec == CHAR)
+               COPY(st_cp);
+       else
+               COPY(st_wcp);
+
        strg1->st_len = len - 1; /* - NUL */;
        free(strg2);
Home | Main Index | Thread Index | Old Index