From: Martin Sebor <msebor@redhat.com>
Date: Wed, 26 Jan 2022 00:39:36 +0000 (-0700)
Subject: stdlib: Avoid -Wuse-after-free in __add_to_environ [BZ #26779]
X-Git-Tag: glibc-2.35~35
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4f20a1dc5242fb4bb8763e0451df898fa48e740c;p=thirdparty%2Fglibc.git

stdlib: Avoid -Wuse-after-free in __add_to_environ [BZ #26779]

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
---

diff --git a/stdlib/setenv.c b/stdlib/setenv.c
index c3d2cee7b6e..2176cbac319 100644
--- a/stdlib/setenv.c
+++ b/stdlib/setenv.c
@@ -150,7 +150,9 @@ __add_to_environ (const char *name, const char *value, const char *combined,
     {
       char **new_environ;
 
-      /* We allocated this space; we can extend it.  */
+      /* We allocated this space; we can extend it.  Avoid using the raw
+	 reallocated pointer to avoid GCC -Wuse-after-free.  */
+      uintptr_t ip_last_environ = (uintptr_t)last_environ;
       new_environ = (char **) realloc (last_environ,
 				       (size + 2) * sizeof (char *));
       if (new_environ == NULL)
@@ -159,7 +161,7 @@ __add_to_environ (const char *name, const char *value, const char *combined,
 	  return -1;
 	}
 
-      if (__environ != last_environ)
+      if ((uintptr_t)__environ != ip_last_environ)
 	memcpy ((char *) new_environ, (char *) __environ,
 		size * sizeof (char *));