From: Szabolcs Nagy <>
Subject: [glibc/arm/morello/main] cheri: fix invalid pointer use after realloc in localealias
Date: Wed, 23 Nov 2022 14:46:44 +0000 (GMT)
Message-ID: <>

commit cd345f5c03e504faca874e1da74bc966a379cedb
Author: Szabolcs Nagy <>
Date:   Fri Mar 18 06:55:31 2022 +0000

    cheri: fix invalid pointer use after realloc in localealias

    This code updates pointers to a reallocated buffer to point to the new
    buffer.  It is not conforming (does arithmetics with freed pointers),
    but it also creates invalid capabilities because the provenance is
    derived from the original freed pointers instead of the new buffer.
    Change the arithmetics so provenance is derived from the new buffer.
    The conformance issue is not fixed.

 intl/localealias.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/intl/localealias.c b/intl/localealias.c
index b36092363a..0401f35f9d 100644
--- a/intl/localealias.c
+++ b/intl/localealias.c
@@ -340,8 +340,10 @@ read_alias_file (const char *fname, int fname_len)
 			  for (i = 0; i < nmap; i++)
-			      map[i].alias += new_pool - string_space;
-			      map[i].value += new_pool - string_space;
+			      map[i].alias = new_pool
+					     + (map[i].alias - string_space);
+			      map[i].value = new_pool
+					     + (map[i].value - string_space);
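Review bot: The new assignments to map[i].alias and map[i].value have no comment saying why the addition has to start from new_pool. On a target without capabilities they produce the same address as the removed `map[i].alias += new_pool - string_space;` form, so a later cleanup could fold them back and reintroduce the invalid capability; a one-line comment above the loop stating that the result must derive its provenance from new_pool would protect the fix. The subtraction `map[i].alias - string_space` still operates on pointers into the old buffer, which the commit message acknowledges as the unfixed conformance issue; computing each offset before the buffer is reallocated would remove that as well.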

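The commit message states that the conformance issue is not fixed. As an added example (not glibc code and not from the patch author), one way to avoid arithmetic on freed pointers is to record each offset before realloc and rebuild the pointers from the new buffer; `struct entry`, `struct pool`, `pool_grow`, `pool_add` and `demo_rebase` are hypothetical names and the strings are constructed sample data.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-ins for the alias map and its string pool. */
struct entry { char *alias, *value; };
struct pool { char *base; size_t used, size; struct entry *map; size_t nmap; };

/* Grow the pool to `want` bytes.  Offsets are recorded while the old buffer is
   live, then every pointer is rebuilt from (and takes provenance of) new_base. */
static int pool_grow(struct pool *p, size_t want) {
  size_t *off = malloc((2 * p->nmap + 1) * sizeof *off);
  if (off == NULL) return -1;
  for (size_t i = 0; i < p->nmap; i++) {
    off[2 * i] = (size_t)(p->map[i].alias - p->base);
    off[2 * i + 1] = (size_t)(p->map[i].value - p->base);
  }
  char *new_base = realloc(p->base, want);
  if (new_base == NULL) { free(off); return -1; } /* old buffer stays valid */
  for (size_t i = 0; i < p->nmap; i++) {
    p->map[i].alias = new_base + off[2 * i];
    p->map[i].value = new_base + off[2 * i + 1];
  }
  p->base = new_base; p->size = want;
  free(off);
  return 0;
}

/* Append a NUL-terminated string, growing the pool when it does not fit. */
static char *pool_add(struct pool *p, const char *s) {
  size_t len = strlen(s) + 1;
  if (p->used + len > p->size && pool_grow(p, 2 * (p->used + len)) != 0)
    return NULL;
  char *dst = memcpy(p->base + p->used, s, len);
  p->used += len;
  return dst;
}

/* Constructed data: returns 1 if both pointers follow the pool across realloc. */
int demo_rebase(void) {
  struct entry map[1];
  struct pool p = { NULL, 0, 0, map, 0 };
  if (pool_grow(&p, 16) != 0) return 0;
  map[0].alias = pool_add(&p, "alias");   /* both strings fit in 16 bytes */
  map[0].value = pool_add(&p, "value");
  p.nmap = 1;
  char *big = pool_add(&p, "a string long enough to force a realloc");
  int ok = big && !strcmp(map[0].alias, "alias") && map[0].value == p.base + 6;
  free(p.base);
  return ok;
}
```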