[Bug-cssc] [bug #56237] [patch] use after free in writesubst.cc

bug-cssc

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-cssc] [bug #56237] [patch] use after free in writesubst.cc

From:	Takakazu Satoh
Subject:	[Bug-cssc] [bug #56237] [patch] use after free in writesubst.cc
Date:	Mon, 29 Apr 2019 11:18:26 -0400 (EDT)
User-agent:	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.108 Safari/537.36

URL:
  <https://savannah.gnu.org/bugs/?56237>

                 Summary: [patch] use after free in writesubst.cc
                 Project: GNU CSSC
            Submitted by: takakazu_satoh
            Submitted on: Mon 29 Apr 2019 03:18:24 PM UTC
                Category: None
                Severity: 3 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any

    _______________________________________________________

Details:

There is at least one use after free in writesubst.cc .
See the attached patch for details.
The impact depends on how std::string is implemented.
On my machine(armhf, gcc-7), this results in incorrect %M% expansion when the
module name is longer than 16 bytes.




    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Mon 29 Apr 2019 03:18:24 PM UTC  Name: writesubst.patch  Size: 428B  
By: takakazu_satoh

<http://savannah.gnu.org/bugs/download.php?file_id=46855>

    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?56237>

_______________________________________________
  Message sent via Savannah
  https://savannah.gnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug-cssc] [bug #56237] [patch] use after free in writesubst.cc, Takakazu Satoh <=

Index(es):
- Date
- Thread