From 2895f44e891472c8e86a87989e0e2d41585b006f Mon Sep 17 00:00:00 2001
From: Jim Meyering
Date: Fri, 18 Feb 2011 23:29:14 +0100
Subject: [PATCH] stdbuf: avoid even the appearance of a possible use-after-free
There was an execution path by which "libstdbuf" could be used after being freed, but that would happen only if there were no libstdbuf.so alongside the stdbuf program and there had been an installation error leading to absence of the file, PKGLIBDIR/libstdbuf.so.
* src/stdbuf.c (set_LD_PRELOAD): Rearrange loop to make it perfectly clear that there is no possibility of use-after-free. Steve Grubb reported this possible use-after-free of "libstdbuf".
---
 src/stdbuf.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/stdbuf.c b/src/stdbuf.c
index dce338f4fe..607859ca16 100644
--- a/src/stdbuf.c
+++ b/src/stdbuf.c
@@ -209,7 +209,7 @@ set_LD_PRELOAD (void)
 char const *const *path = search_path;
 char *libstdbuf;
- do
+ while (true)
 {
 struct stat sb;
@@ -224,8 +224,11 @@ set_LD_PRELOAD (void)
 if (stat (libstdbuf, &sb) == 0) /* file_exists */
 break;
 free (libstdbuf);
+
+ ++path;
+ if ( ! *path)
+ error (EXIT_CANCELED, 0, _("failed to find %s"), quote (LIB_NAME));
 }
- while (*++path);
 /* FIXME: Do we need to support libstdbuf.dll, c:, '\' separators etc? */
-- 
2.47.2
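Review bot: In the second hunk the loop is safe only because `error (EXIT_CANCELED, 0, ...)` does not return when its status is nonzero (assuming EXIT_CANCELED is nonzero, which the visible lines do not show), and nothing in the code says so. After `free (libstdbuf);` the pointer stays dangling until the next iteration reassigns it, and that assignment is outside the hunk. I would add a comment above the call, `/* error() exits here (nonzero status), so the freed libstdbuf is never used after the loop. */`. Also consider `libstdbuf = NULL;` directly after the `free`, so that a later edit which lets control leave the loop fails on a null pointer instead of reading freed memory. The body of set_LD_PRELOAD starts and ends outside both hunks.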