From b3ab5461f1a02aa0a07a6f50bc2fa4da057193d1 Mon Sep 17 00:00:00 2001
From: Dominique <dominique.pelle@gmail.com>
Date: Sun, 8 May 2022 08:27:32 +0200
Subject: [PATCH 1/2] fix: access beyond end of string when search called by
fails
Content-type: text/plain
findcalledby() returned a string which was not '\0' terminated.
That string is later output with the snprintf %s format which
accessed beyond the end of the string. Bug caused a crash on macOS
with M1 processor and was also causing a crash on Linux too when
building with asan (address sanitizer).
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
---
src/find.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/find.c b/src/find.c
index d7a66f0..e8f1141 100644
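--- a/src/find.c
+++ b/src/find.c
@@ -1044,7 +1044,7 @@ char *
 findcalledby(char *pattern)
 {
 char file[PATHLEN + 1]; /* source file name */
- static char found_caller = 'n'; /* seen calling function? */
+ static char found_caller[2] = "n"; /* seen calling function? */
 BOOL macro = NO;
 
 if (invertedindex == YES) {
@@ -1057,12 +1057,12 @@ findcalledby(char *pattern)
 case FCNDEF:
 if (dbseek(p->lineoffset) != -1 &&
 scanpast('\t') != NULL) { /* skip def */
- found_caller = 'y';
+ found_caller[0] = 'y';
 findcalledbysub(srcfiles[p->fileindex], macro);
 }
 }
 }
- return(&found_caller);
+ return(&found_caller[0]);
 }
 /* find the function definition(s) */
 while (scanpast('\t') != NULL) {
@@ -1072,7 +1072,7 @@ findcalledby(char *pattern)
 skiprefchar(); /* save file name */
 fetch_string_from_dbase(file, sizeof(file));
 if (*file == '\0') { /* if end of symbols */
- return(&found_caller);
+ return(&found_caller[0]);
 }
 progress("Search", searchcount, nsrcfiles);
 break;
@@ -1087,14 +1087,14 @@ findcalledby(char *pattern)
 case FCNDEF:
 skiprefchar(); /* match name to pattern */
 if (match()) {
- found_caller = 'y';
+ found_caller[0] = 'y';
 findcalledbysub(file, macro);
 }
 break;
 }
 }
 
- return (&found_caller);
+ return (&found_caller[0]);
 }
 
 /* find this term, which can be a regular expression */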
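Review bot: `found_caller` is function-static and every write visible in these hunks sets it to 'y'; nothing shown puts it back to 'n' when findcalledby() is entered, so unless a reset sits in the lines between the hunks, a search that matches nothing after an earlier successful one would still return "y". If that carry-over is not intended, add `found_caller[0] = 'n';` ahead of the `if (invertedindex == YES)` test. The declaration would also benefit from stating the contract this fix establishes, e.g. `/* returned to the caller as the C string "y" or "n"; must stay NUL-terminated because it is printed with %s */`, so a later edit does not shrink it back to a bare char. The body of findcalledby() continues outside the hunks, so the first point should be confirmed against the full function.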
--
2.37.3