Todd C. Miller wrote:
> On Tue, 14 Jul 2015 12:55:35 -0400, "Ted Unangst" wrote:
>
> > so technically i believe this is still undefined since you're not supposed
> > to look at freed pointers. an even better fix would be to save the offset
> > before the realloc.
>
> Yeah, I forgot we had to deref store.
looks good.
>
> - todd
>
> Index: misc.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/find/misc.c,v
> retrieving revision 1.14
> diff -u -p -u -r1.14 misc.c
> --- misc.c 14 Jul 2015 16:58:22 -0000 1.14
> +++ misc.c 14 Jul 2015 17:05:19 -0000
> @@ -39,6 +39,7 @@
> #include <err.h>
> #include <errno.h>
> #include <fts.h>
> +#include <stddef.h>
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
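Review bot: <stddef.h> is the right header for the ptrdiff_t used in the next hunk (it is the one that portably declares it, rather than relying on <stdlib.h> pulling it in), and the new include keeps the alphabetical ordering of the system headers; nothing to change here.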
> @@ -60,12 +61,14 @@ brace_subst(char *orig, char **store, ch
> for (p = *store; (ch = *orig); ++orig)
> if (ch == '{' && orig[1] == '}') {
> while ((p - *store) + plen > len) {
> + ptrdiff_t p_off;
> char *newstore;
>
> + p_off = (p - *store);
> newstore = reallocarray(*store, len, 2);
> if (newstore == NULL)
> err(1, NULL);
> - p = (p - *store) + newstore;
> + p = newstore + p_off;
> *store = newstore;
> len *= 2;
> }
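Review bot: the parentheses in `p_off = (p - *store);` are redundant and can be dropped to match the style of the surrounding code; otherwise the hunk does the right thing. The removed line `p = (p - *store) + newstore;` evaluated `p - *store` after `reallocarray()` may already have freed the block both pointers referred to, so it relied on the values of two dangling pointers; saving the difference into `p_off` before the call and rebasing with `p = newstore + p_off;` uses only the live pointer afterwards. `ptrdiff_t` is the correct type for a pointer difference, and the `*store = newstore; len *= 2;` updates are unchanged, so the loop condition `(p - *store) + plen > len` keeps working on the re-based pointers.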
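To make the point of the patch concrete, here is an added example (not find(1)'s own brace_subst, and not part of this thread) of the same grow-and-rebase pattern: a routine that copies a string into a heap buffer, replacing every "{}" with a replacement string, and grows the buffer as needed. The cursor offset is saved into a ptrdiff_t before the reallocation and the cursor is rebuilt from the new block afterwards, so no freed pointer is ever read. It uses plain realloc() with an explicit overflow check instead of the BSD-specific reallocarray(); the names subst_braces, grow_buf and run_case are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/*
 * Double the buffer at *store, updating *store and *len on success.
 * Returns the new block, or NULL if the size would overflow or realloc fails.
 * Note that on return the old *store value (if moved) is no longer valid.
 */
static char *
grow_buf(char **store, size_t *len)
{
	char *newstore;

	if (*len > SIZE_MAX / 2)		/* reallocarray-style overflow check */
		return NULL;
	newstore = realloc(*store, *len * 2);
	if (newstore == NULL)
		return NULL;
	*store = newstore;
	*len *= 2;
	return newstore;
}

/*
 * Copy orig into *store (a malloc'd buffer of *len bytes), replacing each
 * "{}" with repl and growing the buffer when it runs out of room.
 * Returns *store on success or NULL on allocation failure.
 */
char *
subst_braces(const char *orig, const char *repl, char **store, size_t *len)
{
	size_t plen = strlen(repl);
	char *p;
	char ch;

	for (p = *store; (ch = *orig) != '\0'; ++orig) {
		if (ch == '{' && orig[1] == '}') {
			/* Need room for repl plus the terminating NUL. */
			while ((size_t)(p - *store) + plen + 1 > *len) {
				ptrdiff_t p_off = p - *store;	/* saved BEFORE realloc */
				if (grow_buf(store, len) == NULL)
					return NULL;
				p = *store + p_off;		/* rebase from the live block */
			}
			memcpy(p, repl, plen);
			p += plen;
			++orig;				/* skip the '}' */
			continue;
		}
		/* One ordinary character plus the terminating NUL. */
		if ((size_t)(p - *store) + 2 > *len) {
			ptrdiff_t p_off = p - *store;
			if (grow_buf(store, len) == NULL)
				return NULL;
			p = *store + p_off;
		}
		*p++ = ch;
	}
	*p = '\0';
	return *store;
}

/*
 * Run one substitution starting from a deliberately tiny (2-byte) buffer so
 * that several reallocations happen. Returns 1 if the result equals expected.
 */
int
run_case(const char *orig, const char *repl, const char *expected)
{
	size_t len = 2;
	char *buf = malloc(len);
	int ok;

	if (buf == NULL)
		return 0;
	ok = subst_braces(orig, repl, &buf, &len) != NULL &&
	    strcmp(buf, expected) == 0;
	free(buf);
	return ok;
}
```

Starting from a two-byte buffer forces the grow path on nearly every iteration, which is exactly where reading a stale base pointer would go wrong (and where ASan or a hardened malloc would flag a use-after-free in the pre-patch form).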