summary refs log tree commit diff
diff options
context:
space:
mode:
authorJeff Law <law@redhat.com>2012-06-21 17:15:38 -0600
committerJeff Law <law@redhat.com>2012-06-21 17:15:38 -0600
commit006dd86111c44572dbd3b26e9c63dd0f834d7762 (patch)
tree4e7d26946f302574935cd95061a291b859563c19
parentb7abb4bf78443f4f8d05a9dfa768fdee65b99d42 (diff)
downloadglibc-006dd86111c44572dbd3b26e9c63dd0f834d7762.tar.gz
glibc-006dd86111c44572dbd3b26e9c63dd0f834d7762.tar.xz
glibc-006dd86111c44572dbd3b26e9c63dd0f834d7762.zip
[BZ #14277]
        * intl/dcigettext.c (_nl_find_msg): Avoid use after potential
        free.  Simplify list management for _LIBC case.
-rw-r--r--ChangeLog6
-rw-r--r--NEWS2
-rw-r--r--intl/dcigettext.c13
3 files changed, 14 insertions, 7 deletions
diff --git a/ChangeLog b/ChangeLog
index f9ccbe6e3b..6f3676f78a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2012-06-21  Jeff Law  <law@redhat.com>
+
+	[BZ #14277]
+	* intl/dcigettext.c (_nl_find_msg): Avoid use after potential
+	free.  Simplify list management for _LIBC case.
+
 2012-06-21  Joseph Myers  <joseph@codesourcery.com>
 
 	[BZ #14273]
diff --git a/NEWS b/NEWS
index 8797a6bae7..1ce8ee3508 100644
--- a/NEWS
+++ b/NEWS
@@ -30,7 +30,7 @@ Version 2.16
   13983, 13986, 13996, 14012, 14027, 14033, 14034, 14036, 14040, 14043,
   14044, 14048, 14049, 14050, 14053, 14055, 14059, 14064, 14075, 14080,
   14083, 14103, 14104, 14109, 14112, 14117, 14122, 14123, 14134, 14153,
-  14183, 14188, 14199, 14210, 14218, 14229, 14241, 14273, 14278
+  14183, 14188, 14199, 14210, 14218, 14229, 14241, 14273, 14277, 14278
 
 * Support for the x32 ABI on x86-64 added.  The x32 target is selected by
   configuring glibc with:
diff --git a/intl/dcigettext.c b/intl/dcigettext.c
index f6b757379c..fcd1c785cd 100644
--- a/intl/dcigettext.c
+++ b/intl/dcigettext.c
@@ -1155,7 +1155,7 @@ _nl_find_msg (domain_file, domainbinding, msgid, convert, lengthp)
 							     freemem_size);
 # ifdef _LIBC
 		      if (newmem != NULL)
-			transmem_list = transmem_list->next;
+			transmem_list = newmem;
 		      else
 			{
 			  struct transmem_list *old = transmem_list;
@@ -1170,6 +1170,12 @@ _nl_find_msg (domain_file, domainbinding, msgid, convert, lengthp)
 		      malloc_count = 1;
 		      freemem_size = INITIAL_BLOCK_SIZE;
 		      newmem = (transmem_block_t *) malloc (freemem_size);
+# ifdef _LIBC
+		      /* Add the block to the list of blocks we have to free
+			 at some point.  */
+		      newmem->next = transmem_list;
+		      transmem_list = newmem;
+# endif
 		    }
 		  if (__builtin_expect (newmem == NULL, 0))
 		    {
@@ -1180,11 +1186,6 @@ _nl_find_msg (domain_file, domainbinding, msgid, convert, lengthp)
 		    }
 
 # ifdef _LIBC
-		  /* Add the block to the list of blocks we have to free
-		     at some point.  */
-		  newmem->next = transmem_list;
-		  transmem_list = newmem;
-
 		  freemem = (unsigned char *) newmem->data;
 		  freemem_size -= offsetof (struct transmem_list, data);
 # else