[Please CC replies to cac...@cactus.rulez.org, I'm not subscribed to the 
list]

I've found a bug in args_strip that causes memory corruption (easily 
testable by using a tool like Electric Fence) and thus messes up the 
arguments passed to the compiler. The code in question is:

    free(args->argv[i]);
    memmove(&args->argv[i],
            &args->argv[i+1],
            args->argc * sizeof(args->argv[i]));
    args->argc--;

This will shift args->argc arguments, but if we're processing the i-th 
argument, there are only (args->argc - i) arguments left to shift.

So here's the patch against CVS:

Index: args.c
===================================================================
RCS file: /cvsroot/ccache/args.c,v
retrieving revision 1.7
diff -u -u -r1.7 args.c
--- args.c      16 Feb 2003 02:28:35 -0000      1.7
+++ args.c      18 Aug 2004 09:22:56 -0000
@@ -82,7 +82,7 @@
                        free(args->argv[i]);
                        memmove(&args->argv[i],
                                &args->argv[i+1],
-                               args->argc * sizeof(args->argv[i]));
+                               (args->argc - i) * sizeof(args->argv[i]));
                        args->argc--;
                } else {
                        i++;
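Review bot: On the changed memmove length line, `(args->argc - i)` is one more than the number of arguments that follow index i (there are argc - i - 1 of those), so the move still reads `argv[argc]`. That is in bounds only if argv is always allocated with a terminator slot at index argc. If that is the invariant, add a short comment here saying the extra element is the NULL terminator; otherwise the count should be `(args->argc - i - 1)`.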


Bye,
        Gergo

-- 
    .--= ULLA! =---------------------.   `We are not here to give users what
    \     http://cactus.rulez.org     \   they want'  -- RMS, at GUADEC 2001
     `---= cac...@cactus.rulez.org =---'
I'm going to live forever, or die trying!
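Added example (not part of the original message and not ccache's code): a self-contained strip routine using the corrected length, plus a helper that computes how far the original `argc`-sized move reads past the array. The struct, the function names and the sample arguments are hypothetical, and it assumes argv has argc + 1 slots with a NULL terminator in the last one.

```c
/* Added example, not ccache's code. Assumption: argv has argc + 1 slots,
 * the last one a NULL terminator. All names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct arglist { char **argv; int argc; };

/* Build a list from n constructed strings (aborts on allocation failure). */
static struct arglist *arglist_new(const char *const *src, int n) {
    struct arglist *a = malloc(sizeof *a);
    if (!a || !(a->argv = calloc((size_t)n + 1, sizeof *a->argv))) abort();
    a->argc = n;
    for (int i = 0; i < n; i++) {
        if (!(a->argv[i] = malloc(strlen(src[i]) + 1))) abort();
        strcpy(a->argv[i], src[i]);
    }
    return a;
}

/* Bytes that a memmove of `count` pointers starting at &argv[i+1] reads
 * past the end of the argc + 1 slot array (0 if it stays in bounds). */
static size_t overread_bytes(int argc, int i, int count) {
    int end = i + 1 + count, slots = argc + 1;
    return end > slots ? (size_t)(end - slots) * sizeof(char *) : 0;
}

/* Remove every argument that starts with prefix; returns how many. */
static int arglist_strip(struct arglist *a, const char *prefix) {
    size_t plen = strlen(prefix);
    int removed = 0;
    for (int i = 0; i < a->argc; ) {
        if (strncmp(a->argv[i], prefix, plen) != 0) { i++; continue; }
        free(a->argv[i]);
        /* argc - i slots: the arguments after i plus the terminator */
        memmove(&a->argv[i], &a->argv[i + 1],
                (size_t)(a->argc - i) * sizeof a->argv[i]);
        a->argc--;
        removed++;
    }
    return removed;
}

int main(void) {
    /* constructed sample arguments */
    const char *src[] = { "cc", "-c", "--strip-a", "x.c", "--strip-b" };
    struct arglist *a = arglist_new(src, 5);
    int n = arglist_strip(a, "--strip-");
    printf("old count over-reads %zu bytes at i=2\n", overread_bytes(5, 2, 5));
    printf("removed %d, argc now %d\n", n, a->argc);
    return 0;
}
```

With the original count the over-read grows with i, which is why stripping the first argument can pass unnoticed while later ones corrupt memory.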