[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug #56694] troff mixes malloc / delete[]

From: anonymous
Subject: [bug #56694] troff mixes malloc / delete[]
Date: Mon, 29 Jul 2019 17:17:31 -0400 (EDT)
User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.90 Safari/537.36


                 Summary: troff mixes malloc / delete[]
                 Project: GNU troff
            Submitted by: None
            Submitted on: Mon 29 Jul 2019 09:17:29 PM UTC
                Category: Core
                Severity: 3 - Normal
              Item Group: Crash/Not responding
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: None



I use Scudo [1] as the systemwide allocator on most of my systems. GNU troff
is one of the very few binaries that fail with it, due to relying on undefined
behavior with memory allocation.

Specifically, the search_path::open_file(..., char**) returns a path that is
sometimes allocated with new[] but usually allocated with malloc (since that's
how the "strsave" function is implemented -- it's basically an strdup). The
returned paths are then deallocated using delete[], which is undefined
behavior and only works with some lenient memory allocators.

Attached is a draft patch that solves the issue as far as I can tell with some
basic testing, but I have no idea how common that pattern is in the codebase
and I don't have a good way to test all of it. And it's not a beautiful patch

[1] https://llvm.org/docs/ScudoHardenedAllocator.html


File Attachments:

Date: Mon 29 Jul 2019 09:17:29 PM UTC  Name: free.diff  Size: 2KiB   By: None



Reply to this item at:


  Message sent via Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]