Fix use-after-free in tilde expansion disciplines (re: 936a193)
When compiling with AddressSanitizer/ASan, the regression tests on tests/tilde.sh line 163 occasionally abort with a stack trace. In addition, the test on line 155 intermittently fails on a Linux armv7l system (without ASan). Something is wrong in my code here. The ASan stack trace shows a use after free in tilde_expand2() on macro.c line 2734, right after the stkseek() call that restores the stack state -- *and* that this space had been freed earlier via macro.c line 2722, the stkset() call that restores the stack after running a tilde discipline shell function. Evidently, stkfreeze() followed by stkset() is not correct here. The fix, as it turns out, is to simply write a 0 byte to the stack instead of freezing the stack and adding a 0 byte, then restoring the stack state with stkseek() instead of stkset(), thus avoiding a potential rearranging of stack memory.
Showing 3 changed files with 8 additions and 3 deletions.