about summary refs log tree commit diff
diff options
context:
space:
mode:
authorMartin Sebor <msebor@redhat.com>2022-01-25 17:39:36 -0700
committerMartin Sebor <msebor@redhat.com>2022-01-25 17:39:36 -0700
commit4f20a1dc5242fb4bb8763e0451df898fa48e740c (patch)
tree274b99b2d35530e3f3482a387b103fb420b9b857
parentee52ab25ba875f458981fce22c54e3c04c7a17d3 (diff)
downloadglibc-4f20a1dc5242fb4bb8763e0451df898fa48e740c.tar.gz
glibc-4f20a1dc5242fb4bb8763e0451df898fa48e740c.tar.xz
glibc-4f20a1dc5242fb4bb8763e0451df898fa48e740c.zip
stdlib: Avoid -Wuse-after-free in __add_to_environ [BZ #26779]
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
-rw-r--r--stdlib/setenv.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/stdlib/setenv.c b/stdlib/setenv.c
index c3d2cee7b6..2176cbac31 100644
--- a/stdlib/setenv.c
+++ b/stdlib/setenv.c
@@ -150,7 +150,9 @@ __add_to_environ (const char *name, const char *value, const char *combined,
     {
       char **new_environ;
 
-      /* We allocated this space; we can extend it.  */
+      /* We allocated this space; we can extend it.  Avoid using the raw
+	 reallocated pointer to avoid GCC -Wuse-after-free.  */
+      uintptr_t ip_last_environ = (uintptr_t)last_environ;
       new_environ = (char **) realloc (last_environ,
 				       (size + 2) * sizeof (char *));
       if (new_environ == NULL)
@@ -159,7 +161,7 @@ __add_to_environ (const char *name, const char *value, const char *combined,
 	  return -1;
 	}
 
-      if (__environ != last_environ)
+      if ((uintptr_t)__environ != ip_last_environ)
 	memcpy ((char *) new_environ, (char *) __environ,
 		size * sizeof (char *));