[Rd] [PATCH] Fix bad free in connections
Steve Grubb
sgrubb at redhat.com
Thu Jul 20 23:04:09 CEST 2017
Hello,
There are times when b points to buf which is a stack variable. This
leads to a bad free. The current test actually guarantees the stack
will try to get freed. Simplest to just drop the variable and directly
test if b should get freed.
Signed-off-by: Steve Grubb <sgrubb at redhat.com>
Index: src/main/connections.c
===================================================================
--- src/main/connections.c (revision 72935)
+++ src/main/connections.c (working copy)
@@ -421,7 +421,6 @@
char buf[BUFSIZE], *b = buf;
int res;
const void *vmax = NULL; /* -Wall*/
- int usedVasprintf = FALSE;
va_list aq;
va_copy(aq, ap);
@@ -434,7 +433,7 @@
b = buf;
buf[BUFSIZE-1] = '\0';
warning(_("printing of extremely long output is truncated"));
- } else usedVasprintf = TRUE;
+ }
}
#else
if(res >= BUFSIZE) { /* res is the desired output length */
@@ -481,7 +480,7 @@
} else
con->write(b, 1, res, con);
if(vmax) vmaxset(vmax);
- if(usedVasprintf) free(b);
+ if(b != buf) free(b);
return res;
}
More information about the R-devel
mailing list