[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Bug in make-3.81: variable_buffer moves out from under buffer
From: |
David Wuertele |
Subject: |
Bug in make-3.81: variable_buffer moves out from under buffer |
Date: |
Tue, 20 Jan 2009 18:53:27 +0000 (UTC) |
User-agent: |
Loom/3.14 (http://gmane.org/) |
I posted this to the developer list but got no response. Looks like there's
been no activity on that list since October. Is it dead? Anyway, here's the
bug report:
I have a very convoluted makefile that triggers what I believe to be a bug in
make-3.81. I have looked through the savannah buglist and did not find anything
that resembles it. What I am looking for is some help writing a makefile that
is simple enough to post in a bug report.
The problem is in expand_deps() in file.c, line 545:
char *o = patsubst_expand (buffer, d->stem, pattern,
dp->name, pattern+1,
percent+1);
if (o == buffer)
dp->name[0] = '\0';
else
{
free (dp->name);
dp->name = savestring (buffer, o - buffer);
}
In the above, the patsubst_expand function calls variable_buffer_output() with
buffer as the head of the string to write to. But if variable_buffer_length is
not long enough to hold what patsubst_expand wants to write,
variable_buffer_output() will xrealloc() buffer to a different size, which could
result in the original contents of buffer getting moved to a different address.
In this rare case (that I am unable to trigger except in my unpostably
convoluted makefile), the expand_deps() code I quoted above calls savestring()
on the original value of buffer, which is an address that got freed when
xrealloc moved its original contents. Thus, garbage gets saved in dp->name.
I have fixed this bug with the following patch. Comments?
Dave
--- make-3.81/file.c~ 2006-03-17 06:24:20.000000000 -0800
+++ make-3.81/file.c 2009-01-16 13:40:30.000000000 -0800
@@ -545,6 +545,9 @@
char *o = patsubst_expand (buffer, d->stem, pattern,
dp->name, pattern+1,
percent+1);
+
+ buffer = variable_buffer;
+
if (o == buffer)
dp->name[0] = '\0';
else
- Bug in make-3.81: variable_buffer moves out from under buffer,
David Wuertele <=