On Tuesday, September 20, 2016 5:07:14 PM CEST Jan Larres wrote:
> Is there any possibility that someone could have a look at this? Having a set
> of "standard" excludes with this option is quite useful to always exclude
> custom build files, swap files, backup files etc that aren't covered by the
> existing options. Thanks!

That's because 'name_list' elements point to temporary memory allocated by
wordsplit code while parsing TAR_OPTIONS.  That memory is however explicitly
removed right after the TAR_OPTIONS is parsed.  So the naive patch would be:

    option-parser: fix use-after-free error

    diff --git a/src/tar.c b/src/tar.c
    index ba24c43..ddc5d33 100644
    --- a/src/tar.c
    +++ b/src/tar.c
    @@ -2202,8 +2202,6 @@ parse_default_options (void)
           ws.ws_wordv[0] = (char*) program_name;
           more_options (ws.ws_offs + ws.ws_wordc, ws.ws_wordv, &loc);
    -  wordsplit_free (&ws);

This is OK, because the function is called just once (we don't have to care
about memory leaks too much.  However, the wordsplit code is used multiple times
while parsing arguments, so I'm not sure .. it might ask for some systematic
long-term fix?


Reply via email to