projects / freebsd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: bb31e1b) | patch
rs: Fix a use after free.
authorJohn Baldwin <jhb@FreeBSD.org>
Wed, 5 Oct 2022 23:47:40 +0000 (16:47 -0700)
committerJohn Baldwin <jhb@FreeBSD.org>
Wed, 5 Oct 2022 23:47:40 +0000 (16:47 -0700)
commite5f2d5b35e79ddf995a8a5c782a7940ca2e05fdf
tree7a1f4277b6628bee749c24ca780ae8c0f46afc53tree | snapshot
parentbb31e1bbf2ade7abd38eb29391e1ba0718723480commit | diff
rs: Fix a use after free.

Using a pointer passed to realloc() after realloc() even for pointer
arithmetic is UB.  It also breaks in practice on CHERI systems as
the updated value of 'sp' in this case would have had the bounds from
the old allocation.

This would be much cleaner if elem were a std::vector<char *>.

Reviewed by: brooks, emaste
Reported by: GCC -Wuse-after-free
Differential Revision: https://reviews.freebsd.org/D36831
usr.bin/rs/rs.c diff | blob | blame | history
FreeBSD Project Source