On Tue, 14 Jul 2015 12:55:35 -0400, "Ted Unangst" wrote:
> so technically I believe this is still undefined since you're not supposed to
> look at freed pointers. An even better fix would be to save the offset
> before the realloc.
Yeah, I forgot we had to deref store.
- todd
Index: misc.c
===================================================================
RCS file: /cvs/src/usr.bin/find/misc.c,v
retrieving revision 1.14
diff -u -p -u -r1.14 misc.c
--- misc.c 14 Jul 2015 16:58:22 -0000 1.14
+++ misc.c 14 Jul 2015 17:05:19 -0000
@@ -39,6 +39,7 @@
#include <err.h>
#include <errno.h>
#include <fts.h>
+#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
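Review bot: the new `#include <stddef.h>` is the correct home for ptrdiff_t, which is not guaranteed to come in via <stdlib.h> or <string.h>, and it keeps the include list in alphabetical order; nothing else needed in this hunk.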
@@ -60,12 +61,14 @@ brace_subst(char *orig, char **store, ch
for (p = *store; (ch = *orig); ++orig)
if (ch == '{' && orig[1] == '}') {
while ((p - *store) + plen > len) {
+ ptrdiff_t p_off;
char *newstore;
+ p_off = (p - *store);
newstore = reallocarray(*store, len, 2);
if (newstore == NULL)
err(1, NULL);
- p = (p - *store) + newstore;
+ p = newstore + p_off;
*store = newstore;
len *= 2;
}
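Review bot: the offset is now read from *store before reallocarray() can free it, and p is rebuilt from newstore rather than from the stale *store value, so the only remaining use of the old pointer is the one handed to reallocarray() itself, which is the fix Ted asked for. Two minor points: `p_off = (p - *store);` can be folded into the declaration as `ptrdiff_t p_off = p - *store;` (the parentheses add nothing), and a one-line comment saying the offset must be captured before the realloc would keep the next person from "simplifying" it back to the previous form, since the reason is not visible from the code alone.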
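The pattern under discussion, as an added example that is not find(1)'s code nor part of the patch: a brace_subst()-style buffer grower that saves the write offset while the old block is still valid, grows with a reallocarray(3)-like call, and rebases the cursor from the new block. It goes a little beyond the hunk in that it also grows for ordinary characters, so the caller need not pre-size the buffer. The names brace_subst_demo, ensure_room, grow_array, check_subst and growth_capacity are chosen for this example, and grow_array is a portable stand-in for reallocarray(3) on systems that lack it.

```c
/*
 * Added example (not find(1)'s code): a brace_subst()-style grower that
 * saves the write offset before realloc and rebases from the new block.
 * All function names here are chosen for this example.
 */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Portable stand-in for reallocarray(3): refuse nmemb*size overflow. */
static void *grow_array(void *ptr, size_t nmemb, size_t size)
{
	if (size != 0 && nmemb > SIZE_MAX / size) {
		errno = ENOMEM;
		return NULL;
	}
	return realloc(ptr, nmemb * size);
}

/*
 * Make sure `need` more bytes fit after the bytes already written at *pp,
 * doubling *store until they do.  On failure returns -1 and leaves *store
 * and *pp untouched (realloc does not free the old block on failure).
 */
static int ensure_room(char **pp, char **store, size_t *lenp, size_t need)
{
	while ((size_t)(*pp - *store) + need > *lenp) {
		/* Save the offset while *store still points at live memory. */
		ptrdiff_t p_off = *pp - *store;
		char *newstore = grow_array(*store, *lenp, 2);

		if (newstore == NULL)
			return -1;
		/* Rebase from the new block; the old *store value is now stale. */
		*pp = newstore + p_off;
		*store = newstore;
		*lenp *= 2;
	}
	return 0;
}

/*
 * Copy orig into *store (capacity *lenp, must be > 0), replacing each "{}"
 * with path.  Returns *store, or NULL with errno set.
 */
char *brace_subst_demo(const char *orig, char **store, size_t *lenp, const char *path)
{
	size_t plen = strlen(path);
	char *p = *store;

	if (*lenp == 0) {
		errno = EINVAL;
		return NULL;
	}
	while (*orig != '\0') {
		if (orig[0] == '{' && orig[1] == '}') {
			if (ensure_room(&p, store, lenp, plen + 1) == -1)
				return NULL;
			memcpy(p, path, plen);
			p += plen;
			orig += 2;
		} else {
			if (ensure_room(&p, store, lenp, 2) == -1)
				return NULL;
			*p++ = *orig++;
		}
	}
	*p = '\0';
	return *store;
}

/* Substitute from a deliberately tiny 4-byte buffer; 1 if the result matches expect. */
int check_subst(const char *orig, const char *path, const char *expect)
{
	size_t len = 4;
	char *buf = malloc(len);
	int ok;

	if (buf == NULL)
		return 0;
	ok = brace_subst_demo(orig, &buf, &len, path) != NULL &&
	    strcmp(buf, expect) == 0 && len >= strlen(buf) + 1;
	free(buf);
	return ok;
}

/* Final capacity after substituting, starting from `initial` bytes; 0 on failure. */
size_t growth_capacity(const char *orig, const char *path, size_t initial)
{
	size_t len = initial;
	char *buf = malloc(len);

	if (buf == NULL || brace_subst_demo(orig, &buf, &len, path) == NULL)
		len = 0;
	free(buf);
	return len;
}

int main(void)
{
	size_t len = 4;
	char *buf = malloc(len);

	if (buf == NULL || brace_subst_demo("mv {} {}.bak", &buf, &len, "/tmp/a b") == NULL)
		return 1;
	printf("%s (capacity %zu)\n", buf, len);
	free(buf);
	return 0;
}
```

The 4-byte starting capacity in check_subst is there to force several doublings on realistic input, which is exactly the path where a cursor computed from the freed block would go wrong; a real caller would start from something like MAXPATHLEN as find(1) does.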