avoid various use-after-free issues.

create a ptrdiff_t offset between the start of an allocation region and
some interesting pointer, so it can be adjusted with this offset after
realloc() returns.

found by GCC 12.
This commit is contained in:
mrg 2023-08-10 20:38:00 +00:00
parent 81a719df6e
commit aec4d439cd
3 changed files with 14 additions and 13 deletions


@ -1,4 +1,4 @@
/* $NetBSD: gethnamaddr.c,v 1.94 2022/04/19 20:32:15 rillig Exp $ */
/* $NetBSD: gethnamaddr.c,v 1.95 2023/08/10 20:38:00 mrg Exp $ */
/*
* ++Copyright++ 1985, 1988, 1993
@ -57,7 +57,7 @@
static char sccsid[] = "@(#)gethostnamadr.c 8.1 (Berkeley) 6/4/93";
static char rcsid[] = "Id: gethnamaddr.c,v 8.21 1997/06/01 20:34:37 vixie Exp ";
#else
__RCSID("$NetBSD: gethnamaddr.c,v 1.94 2022/04/19 20:32:15 rillig Exp $");
__RCSID("$NetBSD: gethnamaddr.c,v 1.95 2023/08/10 20:38:00 mrg Exp $");
#endif
#endif /* LIBC_SCCS and not lint */
@ -110,10 +110,11 @@ __weak_alias(gethostent,_gethostent)
#define addalias(d, s, arr, siz) do { \
if (d >= &arr[siz]) { \
ptrdiff_t _off = d - arr; \
char **xptr = realloc(arr, (siz + 10) * sizeof(*arr)); \
if (xptr == NULL) \
goto nospc; \
d = xptr + (d - arr); \
d = xptr + _off; \
arr = xptr; \
siz += 10; \
} \
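Review bot: The new temporary `_off` follows the leading-underscore convention for macro-local names, but the existing `xptr` on the next line does not, so a caller variable named `xptr` passed as `d` or `arr` would collide with it while `_off` stays protected; for consistency rename it `_xptr`, i.e. `char **_xptr = realloc(arr, (siz + 10) * sizeof(*arr));` with the two later uses adjusted. The macro also lacks a comment stating the contract it relies on, something like `/* Grow arr by 10 entries when d reaches its end; the caller must provide a nospc: label. */`. The `(siz + 10) * sizeof(*arr)` size is still computed without an overflow check, though that predates this commit. The hunk header counts one more line than is shown, so the macro's closing line lies outside the hunk.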


@ -1,4 +1,4 @@
/* $NetBSD: chartype.c,v 1.36 2022/10/30 19:11:31 christos Exp $ */
/* $NetBSD: chartype.c,v 1.37 2023/08/10 20:38:00 mrg Exp $ */
/*-
* Copyright (c) 2009 The NetBSD Foundation, Inc.
@ -31,7 +31,7 @@
*/
#include "config.h"
#if !defined(lint) && !defined(SCCSID)
__RCSID("$NetBSD: chartype.c,v 1.36 2022/10/30 19:11:31 christos Exp $");
__RCSID("$NetBSD: chartype.c,v 1.37 2023/08/10 20:38:00 mrg Exp $");
#endif /* not lint && not SCCSID */
#include <ctype.h>
@ -235,17 +235,17 @@ ct_visual_string(const wchar_t *s, ct_buffer_t *conv)
}
/* failed to encode, need more buffer space */
used = dst - conv->wbuff;
uintptr_t sused = (uintptr_t)dst - (uintptr_t)conv->wbuff;
if (ct_conv_wbuff_resize(conv, conv->wsize + CT_BUFSIZ) == -1)
return NULL;
dst = conv->wbuff + used;
dst = conv->wbuff + sused;
}
if (dst >= (conv->wbuff + conv->wsize)) { /* sigh */
used = dst - conv->wbuff;
uintptr_t sused = (uintptr_t)dst - (uintptr_t)conv->wbuff;
if (ct_conv_wbuff_resize(conv, conv->wsize + CT_BUFSIZ) == -1)
return NULL;
dst = conv->wbuff + used;
dst = conv->wbuff + sused;
}
*dst = L'\0';
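Review bot: The new `sused` at both replaced lines is a byte difference, yet it is added back with `conv->wbuff + sused`, which scales by the element size; if `dst` and `conv->wbuff` are `wchar_t *`, as the `*dst = L'\0'` store at the end of the hunk suggests, the re-based `dst` lands `sizeof(wchar_t)` times too far into the buffer after every resize. Either divide when converting, `uintptr_t sused = ((uintptr_t)dst - (uintptr_t)conv->wbuff) / sizeof(*dst);`, or keep an element count, `size_t sused = (size_t)(dst - conv->wbuff);`, which is computed before the resize and so never involves the freed pointer. Both copies of the pattern in this hunk need the same change. The enclosing loop and ct_visual_string itself begin before the hunk.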


@ -1,4 +1,4 @@
/* $NetBSD: kvm_proc.c,v 1.98 2022/04/19 20:32:16 rillig Exp $ */
/* $NetBSD: kvm_proc.c,v 1.99 2023/08/10 20:38:00 mrg Exp $ */
/*-
* Copyright (c) 1998 The NetBSD Foundation, Inc.
@ -67,7 +67,7 @@
#if 0
static char sccsid[] = "@(#)kvm_proc.c 8.3 (Berkeley) 9/23/93";
#else
__RCSID("$NetBSD: kvm_proc.c,v 1.98 2022/04/19 20:32:16 rillig Exp $");
__RCSID("$NetBSD: kvm_proc.c,v 1.99 2023/08/10 20:38:00 mrg Exp $");
#endif
#endif /* LIBC_SCCS and not lint */
@ -980,7 +980,7 @@ kvm_argv(kvm_t *kd, const struct miniproc *p, u_long addr, int narg,
if (len + cc > kd->argspc_len) {
ptrdiff_t off;
char **pp;
char *op = kd->argspc;
uintptr_t op = (uintptr_t)kd->argspc;
kd->argspc_len *= 2;
kd->argspc = _kvm_realloc(kd, kd->argspc,
@ -991,7 +991,7 @@ kvm_argv(kvm_t *kd, const struct miniproc *p, u_long addr, int narg,
* Adjust argv pointers in case realloc moved
* the string space.
*/
off = kd->argspc - op;
off = (uintptr_t)kd->argspc - op;
for (pp = kd->argv; pp < argv; pp++)
*pp += off;
ap += off;
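Review bot: At the replaced `off = (uintptr_t)kd->argspc - op;` the subtraction is done in uintptr_t and then stored into the ptrdiff_t `off`, so a block that realloc moved to a lower address yields a wrapped unsigned value whose conversion to signed is implementation-defined in C11 (it gives the intended negative offset on two's-complement targets, but -Wsign-conversion will flag it). Make the intent explicit with `off = (ptrdiff_t)((uintptr_t)kd->argspc - op);` and say why in a comment, e.g. `/* old base kept as uintptr_t so no freed pointer is used after realloc */`. Note that `*pp += off` and `ap += off` still do arithmetic on pointer values into the freed block, which the standard treats as indeterminate even though GCC 12 does not warn about it; the same uintptr_t round-trip could be applied there if that matters. The `_kvm_realloc` call starts in the first hunk and its result handling sits between the two hunks, and kvm_argv continues outside them.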