From 2257aac321ebbdb7eb52e0212f0dcbfd4b165901 Mon Sep 17 00:00:00 2001
From: Lubomir Rintel
Date: Thu, 12 May 2011 11:58:47 +0200
Subject: [PATCH] Fix free-after-use with nested assignments (#703104)
---
 make-3.82-copy-on-expand.patch | 77 ++++++++++++++++++++++++++++++++++
 make.spec | 7 +++-
 2 files changed, 83 insertions(+), 1 deletion(-)
 create mode 100644 make-3.82-copy-on-expand.patch
diff --git a/make-3.82-copy-on-expand.patch b/make-3.82-copy-on-expand.patch
new file mode 100644
index 0000000..55354ea
--- /dev/null
+++ b/make-3.82-copy-on-expand.patch
@@ -0,0 +1,77 @@
+From 2f661dc20617ba6fdeb2d7e243dc898653faafea Mon Sep 17 00:00:00 2001
+From: Lubomir Rintel
+Date: Tue, 26 Apr 2011 21:50:26 +0200
+Subject: [PATCH] Always copy the string before expanding it
+
+It might get freed during expansion, e.g. with eval function.
+A simple reproducer:
+
+TRUE = $(eval TRUE := true)
+all:
+ $(TRUE)
+---
+ ChangeLog | 5 +++++
+ expand.c | 18 +++++++++---------
+ 2 files changed, 14 insertions(+), 9 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 91878fb..7519164 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,8 @@
++2011-04-26 Lubomir Rintel
++
++ * expand.c (variable_expand_string): Always copy the string
++ to expand.
++
+ 2010-08-13 Paul Smith
+
+ * NEWS: Accidentally forgot to back out the sorted wildcard
+diff --git a/expand.c b/expand.c
+index 2315b06..3e6e346 100644
+--- a/expand.c
++++ b/expand.c
+@@ -197,7 +197,7 @@ variable_expand_string (char *line, const char *string, long length)
+ {
+ struct variable *v;
+ const char *p, *p1;
+- char *abuf = NULL;
++ char *abuf;
+ char *o;
+ unsigned int line_offset;
+
+@@ -214,14 +214,15 @@ variable_expand_string (char *line, const char *string, long length)
+
+ /* If we want a subset of the string, allocate a temporary buffer for it.
+ Most of the functions we use here don't work with length limits. */
+- if (length > 0 && string[length] != '\0')
++ if (length == -1)
+ {
+- abuf = xmalloc(length+1);
+- memcpy(abuf, string, length);
+- abuf[length] = '\0';
+- string = abuf;
++ length = strlen (string);
+ }
+- p = string;
++
++ abuf = xmalloc(length+1);
++ memcpy(abuf, string, length);
++ abuf[length] = '\0';
++ p = abuf;
+
+ while (1)
+ {
+@@ -411,8 +412,7 @@ variable_expand_string (char *line, const char *string, long length)
+ ++p;
+ }
+
+- if (abuf)
+- free (abuf);
++ free (abuf);
+
+ variable_buffer_output (o, "", 1);
+ return (variable_buffer + line_offset);
+--
+1.7.4.1
+
diff --git a/make.spec b/make.spec
index 0ea3fdd..aa4e0c1 100644
--- a/make.spec
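Review bot: In the second expand.c hunk, `if (length == -1)` narrows the whole-string sentinel to exactly -1, whereas the removed test `length > 0 && ...` let every negative length fall through to the uncopied string. Any other negative value now reaches `xmalloc(length+1)` and `memcpy(abuf, string, length)`, where it is converted to a very large unsigned size. Writing the test as `if (length < 0)` keeps the old contract; the callers and any handling of `length == 0` are outside the hunks, so whether a value other than -1 is ever passed cannot be confirmed from here. The retained comment above the copy still describes a temporary buffer used only for a subset of the string; it should instead say that the string is always copied because expansion (for example through `$(eval ...)`) can free the original. variable_expand_string starts and ends outside the hunks shown.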
+++ b/make.spec @@ -3,7 +3,7 @@ Summary: A GNU tool which simplifies the build process for users Name: make Epoch: 1 Version: 3.82 -Release: 5%{?dist} +Release: 6%{?dist} License: GPLv2+ Group: Development/Tools URL: http://www.gnu.org/software/make/ @@ -18,6 +18,7 @@ Patch7: make-3.82-newlines.patch Patch8: make-3.82-jobserver.patch Patch9: make-3.82-bugfixes.patch Patch10: make-3.82-sort-blank.patch +Patch11: make-3.82-copy-on-expand.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires(post): /sbin/install-info Requires(preun): /sbin/install-info @@ -43,6 +44,7 @@ makefile. %patch8 -p1 %patch9 -p1 %patch10 -p1 +%patch11 -p1 %build %configure @@ -85,6 +87,9 @@ fi %{_infodir}/*.info* %changelog +* Tue May 12 2011 Lubomir Rintel - 1:3.82-6 +- Fix free-after-use with nested assignments (#703104) + * Tue Feb 08 2011 Fedora Release Engineering - 1:3.82-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild