Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

mail: Fix regression for recent use-after-free fix 

For makemessage(), do not skip thread_fix_old_links() for
newly-allocated message as before.

Thanks jun@ for report.
This commit is contained in:
rin 2023-08-23 03:49:00 +00:00
parent a7f1bde315
commit 51157c88ac
2 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
usr.bin/mail/fio.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: fio.c,v 1.44 2023/08/10 20:36:28 mrg Exp $ */
/* $NetBSD: fio.c,v 1.45 2023/08/23 03:49:00 rin Exp $ */
/*
* Copyright (c) 1980, 1993
@ -34,7 +34,7 @@
#if 0
static char sccsid[] = "@(#)fio.c 8.2 (Berkeley) 4/20/95";
#else
__RCSID("$NetBSD: fio.c,v 1.44 2023/08/10 20:36:28 mrg Exp $");
__RCSID("$NetBSD: fio.c,v 1.45 2023/08/23 03:49:00 rin Exp $");
#endif
#endif /* not lint */
@ -126,6 +126,7 @@ makemessage(FILE *f, int omsgCount, int nmsgCount)
struct message *omessage; /* old message structure array */
struct message *nmessage;
ptrdiff_t off;
int need_init;
omessage = get_abs_message(1);
@ -135,13 +136,15 @@ makemessage(FILE *f, int omsgCount, int nmsgCount)
off = 0;
else
off = dot - omessage;
need_init = (omessage == NULL);
nmessage = realloc(omessage, size);
if (nmessage == NULL)
err(EXIT_FAILURE,
"Insufficient memory for %d messages", nmsgCount);
dot = nmessage + off;
thread_fix_old_links(nmessage, off, omsgCount);
if (off != 0 || need_init != 0)
thread_fix_old_links(nmessage, off, omsgCount);
#ifndef THREAD_SUPPORT
message = nmessage;

6
usr.bin/mail/thread.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: thread.c,v 1.15 2023/08/10 20:36:28 mrg Exp $ */
/* $NetBSD: thread.c,v 1.16 2023/08/23 03:49:00 rin Exp $ */
/*-
* Copyright (c) 2006 The NetBSD Foundation, Inc.
@ -37,7 +37,7 @@
#include <sys/cdefs.h>
#ifndef __lint__
__RCSID("$NetBSD: thread.c,v 1.15 2023/08/10 20:36:28 mrg Exp $");
__RCSID("$NetBSD: thread.c,v 1.16 2023/08/23 03:49:00 rin Exp $");
#endif /* not __lint__ */
#include <assert.h>
@ -443,8 +443,6 @@ PUBLIC void
thread_fix_old_links(struct message *nmessage, ptrdiff_t off, int omsgCount)
{
int i;
if (off == 0)
return;
#ifndef NDEBUG
message_array.t_head = nmessage; /* for assert check in thread_fix_new_links */