public inbox for glibc-cvs@sourceware.org
From: Szabolcs Nagy <nsz@sourceware.org> To: glibc-cvs@sourceware.org Subject: [glibc/arm/morello/main] cheri: fix invalid pointer use after realloc in localealias Date: Wed, 23 Nov 2022 14:46:44 +0000 (GMT) [thread overview] Message-ID: <20221123144644.551F73852C56@sourceware.org> (raw) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cd345f5c03e504faca874e1da74bc966a379cedb commit cd345f5c03e504faca874e1da74bc966a379cedb Author: Szabolcs Nagy <szabolcs.nagy@arm.com> Date: Fri Mar 18 06:55:31 2022 +0000 cheri: fix invalid pointer use after realloc in localealias This code updates pointers to a reallocated buffer to point to the new buffer. It is not conforming (does arithmetics with freed pointers), but it also creates invalid capabilities because the provenance is derived from the original freed pointers instead of the new buffer. Change the arithmetics so provenance is derived from the new buffer. The conformance issue is not fixed. Diff: --- intl/localealias.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/intl/localealias.c b/intl/localealias.c index b36092363a..0401f35f9d 100644 --- a/intl/localealias.c +++ b/intl/localealias.c @@ -340,8 +340,10 @@ read_alias_file (const char *fname, int fname_len) for (i = 0; i < nmap; i++) { - map[i].alias += new_pool - string_space; - map[i].value += new_pool - string_space; + map[i].alias = new_pool + + (map[i].alias - string_space); + map[i].value = new_pool + + (map[i].value - string_space); } }
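Review bot: the two new assignments in the loop of read_alias_file carry no comment saying why they are written as new_pool + (map[i].alias - string_space) rather than the shorter +=, so a later cleanup could fold them back and again derive the capability from the old buffer; a one-line comment above the loop stating that the result must be derived from new_pool would guard against that. Separately, map[i].alias - string_space and map[i].value - string_space still do arithmetic on pointers into the buffer that, per the commit message, has already been freed by realloc. The remaining conformance issue could be closed by computing each offset before the reallocation, or by keeping offsets rather than pointers in map until the pool is final.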