diff options
| author | cinap_lenrek <cinap_lenrek@felloff.net> | 2015-09-24 05:13:03 +0200 |
|---|---|---|
| committer | cinap_lenrek <cinap_lenrek@felloff.net> | 2015-09-24 05:13:03 +0200 |
| commit | bba6d26ca26a60690d50b3fe41a8778abd66cff0 (patch) | |
| tree | a4422c245464ffbbf529163e776790148062a015 /sys/src/cmd/cpp/tokens.c | |
| parent | 2b5ab91775b97d9e53b2c92a45164703855029a2 (diff) | |
cpp: fix memory corruption due to input buffer relocation
the dynamic input buffer resize code (fillbuf()) is broken as
the calling code assumes that memory wont relocate. instead
of trying to work out all the cases where this happens, i'm
getting rid of fillbuf() and just read the whole file into
memory in setsource().
the bug could be reproduced with something as simple as:
@{for(i in `{seq 1 10000}){echo $i ', \'; }} | cpp
Diffstat (limited to 'sys/src/cmd/cpp/tokens.c')
| -rw-r--r-- | sys/src/cmd/cpp/tokens.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/src/cmd/cpp/tokens.c b/sys/src/cmd/cpp/tokens.c index 26ccb087c..1db8b0344 100644 --- a/sys/src/cmd/cpp/tokens.c +++ b/sys/src/cmd/cpp/tokens.c @@ -92,7 +92,7 @@ growtokenrow(Tokenrow *trp) int nlast = trp->lp - trp->bp; trp->max = 3*trp->max/2 + 1; - trp->bp = (Token *)realloc(trp->bp, trp->max*sizeof(Token)); + trp->bp = (Token *)dorealloc(trp->bp, trp->max*sizeof(Token)); trp->lp = &trp->bp[nlast]; trp->tp = &trp->bp[ncur]; return trp->lp; |