diff options
| author | Szabolcs Nagy <szabolcs.nagy@arm.com> | 2022-03-18 06:55:31 +0000 |
|---|---|---|
| committer | Szabolcs Nagy <szabolcs.nagy@arm.com> | 2022-08-05 19:45:19 +0100 |
| commit | d0db1e8a122459e0f37b97eeca2bf399cadb043e (patch) | |
| tree | 90687faafc5efc1f744d0789f2079ce8f0b04712 | |
| parent | 68822420a6da19adf0030ddc836c6968b071b467 (diff) | |
| download | glibc-d0db1e8a122459e0f37b97eeca2bf399cadb043e.tar.gz glibc-d0db1e8a122459e0f37b97eeca2bf399cadb043e.tar.xz glibc-d0db1e8a122459e0f37b97eeca2bf399cadb043e.zip | |
cheri: fix invalid pointer use after realloc in localealias
This code updates pointers to a reallocated buffer to point to the new buffer. It is not conforming (does arithmetics with freed pointers), but it also creates invalid capabilities because the provenance is derived from the original freed pointers instead of the new buffer. Change the arithmetics so provenance is derived from the new buffer. The conformance issue is not fixed.
| -rw-r--r-- | intl/localealias.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/intl/localealias.c b/intl/localealias.c index b36092363a..0401f35f9d 100644 --- a/intl/localealias.c +++ b/intl/localealias.c @@ -340,8 +340,10 @@ read_alias_file (const char *fname, int fname_len) for (i = 0; i < nmap; i++) { - map[i].alias += new_pool - string_space; - map[i].value += new_pool - string_space; + map[i].alias = new_pool + + (map[i].alias - string_space); + map[i].value = new_pool + + (map[i].value - string_space); } } |