From: Andreas Henriksson
Date: Fri, 12 Oct 2007 08:56:42 +0000 (+0200)
Subject: Fix corruption when using batch files with comments and broken lines.
X-Git-Tag: v2.6.24-rc4~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d21e88354b2a42b026384730a767f2108bcf8efe;p=thirdparty%2Fiproute2.git
Fix corruption when using batch files with comments and broken lines.
The problem was that length of allocation changed but caller not told. Anyway, the patch fixes a problem resulting in a double free that occurs when using batch files that contains a special combination of broken up lines and comments as reported in: http://bugs.debian.org/398912 Thanks to Michal Pokrywka for testcase and information on which conditions problem could be reproduced under.
Signed-off-by: Andreas Henriksson
Signed-off-by: Stephen Hemminger
---
diff --git a/include/utils.h b/include/utils.h
index 7da2b2964..9ee55fdcf 100644
--- a/include/utils.h
+++ b/include/utils.h
@@ -144,7 +144,7 @@ int print_timestamp(FILE *fp);
 #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
 extern int cmdlineno;
-extern size_t getcmdline(char **line, size_t *len, FILE *in);
+extern ssize_t getcmdline(char **line, size_t *len, FILE *in);
 extern int makeargs(char *line, char *argv[], int maxargs);
 #endif /* __UTILS_H__ */
diff --git a/lib/utils.c b/lib/utils.c
index 4c42dfd8b..ffef6fed9 100644
--- a/lib/utils.c
+++ b/lib/utils.c
@@ -642,9 +642,9 @@ int print_timestamp(FILE *fp)
 int cmdlineno;
 /* Like glibc getline but handle continuation lines and comments */
-size_t getcmdline(char **linep, size_t *lenp, FILE *in)
+ssize_t getcmdline(char **linep, size_t *lenp, FILE *in)
 {
- size_t cc;
+ ssize_t cc;
 char *cp;
 if ((cc = getline(linep, lenp, in)) < 0)
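Review bot: The continuation-line length `cc1`, used in `cc += cc1 - 2` in the following hunk, may still be unsigned; its declaration lies outside both hunks of lib/utils.c. If it is a `size_t`, a failed getline() for the continuation line cannot be caught by a `< 0` test, which is the same problem this hunk fixes for `cc`, and the code would go on to use a line buffer that was never filled. It should then be declared `ssize_t cc1;` as well. Callers that keep the result of getcmdline() in an unsigned variable need the matching change; none of them are part of this diff.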
@@ -672,9 +672,11 @@ size_t getcmdline(char **linep, size_t *lenp, FILE *in)
 if (cp)
 *cp = '\0';
- *linep = realloc(*linep, strlen(*linep) + strlen(line1) + 1);
+ *lenp = strlen(*linep) + strlen(line1) + 1;
+ *linep = realloc(*linep, *lenp);
 if (!*linep) {
 fprintf(stderr, "Out of memory\n");
+ *lenp = 0;
 return -1;
 }
 cc += cc1 - 2;
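Review bot: Assigning the result of realloc() straight to `*linep` loses the old buffer when the call fails, and `*lenp` has by then already been set to the new size. On failure realloc() leaves the original block allocated, so the error branch leaks it and hands the caller a NULL pointer; the added `*lenp = 0;` keeps pointer and length consistent but releases nothing. Resizing through a temporary and committing pointer and length together only on success would keep the caller's buffer valid and freeable, as sketched below. `line1` is allocated outside the hunk; if it is a heap buffer it probably needs a `free(line1);` on this error return too. The enclosing loop starts and ends outside the hunk.

```c
/* … unchanged: '#' comment truncation of line1 … */
size_t new_len = strlen(*linep) + strlen(line1) + 1;
char *tmp = realloc(*linep, new_len);

if (!tmp) {
	fprintf(stderr, "Out of memory\n");
	/* *linep and *lenp still describe the old, valid buffer */
	return -1;
}
*linep = tmp;
*lenp = new_len;
/* … unchanged: cc += cc1 - 2; … */
```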