Module Name: src
Committed By: christos
Date: Sat Dec 18 20:57:41 UTC 2010
Modified Files:
src/usr.bin/xlint/lint1: tree.c
Log Message:
PR/44235: Martin Husemann: Fix core dump due to memory corruption.
Found by Henning Petersen
To generate a diff of this commit:
cvs rdiff -u -r1.65 -r1.66 src/usr.bin/xlint/lint1/tree.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/usr.bin/xlint/lint1/tree.c
diff -u src/usr.bin/xlint/lint1/tree.c:1.65 src/usr.bin/xlint/lint1/tree.c:1.66
--- src/usr.bin/xlint/lint1/tree.c:1.65 Wed Nov 24 12:51:11 2010
+++ src/usr.bin/xlint/lint1/tree.c Sat Dec 18 15:57:41 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: tree.c,v 1.65 2010/11/24 17:51:11 christos Exp $ */
+/* $NetBSD: tree.c,v 1.66 2010/12/18 20:57:41 christos Exp $ */
/*
* Copyright (c) 1994, 1995 Jochen Pohl
@@ -37,7 +37,7 @@
#include <sys/cdefs.h>
#if defined(__RCSID) && !defined(lint)
-__RCSID("$NetBSD: tree.c,v 1.65 2010/11/24 17:51:11 christos Exp $");
+__RCSID("$NetBSD: tree.c,v 1.66 2010/12/18 20:57:41 christos Exp $");
#endif
#include <stdlib.h>
@@ -4011,16 +4011,18 @@
len2 = strg2->st_len + 1; /* + NUL */
len = len1 + len2;
- if (strg1->st_tspec == CHAR) {
- strg1->st_cp = xrealloc(strg1->st_cp, len);
- (void)memcpy(strg1->st_cp + len1, strg2->st_cp, len2);
- free(strg2->st_cp);
- } else {
- strg1->st_wcp = xrealloc(strg1->st_wcp, sizeof(*strg1->st_wcp));
- (void)memcpy(strg1->st_wcp + len1, strg2->st_wcp,
- len2 * sizeof(*strg1->st_wcp));
- free(strg2->st_wcp);
- }
+#define COPY(F) \
+ do { \
+ strg1->F = xrealloc(strg1->F, len * sizeof(*strg1->F)); \
+ (void)memcpy(strg1->F + len1, strg2->F, len2 * sizeof(*strg1->F)); \
+ free(strg2->F); \
+ } while (/*CONSTCOND*/0)
+
+ if (strg1->st_tspec == CHAR)
+ COPY(st_cp);
+ else
+ COPY(st_wcp);
+
strg1->st_len = len - 1; /* - NUL */;
free(strg2);
