On 09/06 09:39, Rob Landley wrote: > > > On 6/9/20 8:56 AM, William Djupström via Toybox wrote: > > --- > > toys/posix/tar.c | 5 +++-- > > 1 file changed, 3 insertions(+), 2 deletions(-) > > > > diff --git a/toys/posix/tar.c b/toys/posix/tar.c > > index 8706ac30..d752acfe 100644 > > --- a/toys/posix/tar.c > > +++ b/toys/posix/tar.c > > @@ -246,7 +246,8 @@ static int add_to_tar(struct dirtree *node) > > i = 1; > > } else { > > // first time we've seen it. Store as normal file, but remember it. > > - if (!(TT.hlc&255)) TT.hlx = xrealloc(TT.hlx, TT.hlc+256); > > + if (!(TT.hlc&255)) > > + TT.hlx = xrealloc(TT.hlx, sizeof(*TT.hlx)*(TT.hlc+256)); > > TT.hlx[TT.hlc].arg = xstrdup(hname); > > TT.hlx[TT.hlc].ino = st->st_ino; > > TT.hlx[TT.hlc].dev = st->st_dev; > > @@ -270,7 +271,7 @@ static int add_to_tar(struct dirtree *node) > > } > > if (strlen(lnk) > sizeof(hdr.link)) write_longname(lnk, 'K'); > > strncpy(hdr.link, lnk, sizeof(hdr.link)); > > - if (i) free(lnk); > > + if (i==2) free(lnk); > > } else if (S_ISREG(st->st_mode)) { > > hdr.type = '0'; > > ITOO(hdr.size, st->st_size); > > > > Test case please? For the free() $ mkdir -p links $ touch links/orig $ ln links/{orig,link1} $ ln links/{orig,link2} $ ./toybox tar -cf test.tar links free(): double free detected in tcache 2 Aborted (core dumped)
For the xrealloc() $ mkdir links $ for i in {0..12}; do > touch links/orig$i > ln links/{orig,link}$i > done $ ./toybox tar -cf test.tar links Segmentation fault (core dumped) > > Rob > //William _______________________________________________ Toybox mailing list Toybox@lists.landley.net http://lists.landley.net/listinfo.cgi/toybox-landley.net