From bba6d26ca26a60690d50b3fe41a8778abd66cff0 Mon Sep 17 00:00:00 2001
From: cinap_lenrek
Date: Thu, 24 Sep 2015 05:13:03 +0200
Subject: cpp: fix memory corruption due to input buffer relocation

the dynamic input buffer resize code (fillbuf()) is broken as the calling code assumes that memory wont relocate. instead of trying to work out all the cases where this happens, i'm getting rid of fillbuf() and just read the whole file into memory in setsource(). the bug could be reproduced with something as simple as: @{for(i in `{seq 1 10000}){echo $i ', \'; }} | cpp
---
 sys/src/cmd/cpp/hideset.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sys/src/cmd/cpp/hideset.c')
diff --git a/sys/src/cmd/cpp/hideset.c b/sys/src/cmd/cpp/hideset.c
index 15bed4c21..b784e9599 100644
--- a/sys/src/cmd/cpp/hideset.c
+++ b/sys/src/cmd/cpp/hideset.c
@@ -53,7 +53,7 @@ newhideset(int hs, Nlist *np)
 return hs;
 if (nhidesets >= maxhidesets) {
 maxhidesets = 3*maxhidesets/2+1;
- hidesets = (Hideset *)realloc(hidesets, (sizeof (Hideset *))*maxhidesets);
+ hidesets = (Hideset *)dorealloc(hidesets, (sizeof (Hideset *))*maxhidesets);
 }
 hs1 = (Hideset)domalloc(len*sizeof(Hideset));
 memmove(hs1, nhs, len*sizeof(Hideset));
-- cgit v1.2.3
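Review bot: The size passed to `dorealloc` on the changed line is computed from `sizeof (Hideset *)`, but the result is assigned through a `(Hideset *)` cast, so the array's elements are `Hideset`, not `Hideset *`. The two sizes presumably coincide because `Hideset` looks like a pointer type itself (it is the cast target of `domalloc` two lines later), so this is not a live under-allocation, but tying the size to the object removes the mismatch: `hidesets = (Hideset *)dorealloc(hidesets, maxhidesets * sizeof *hidesets);`. The result is still stored straight back into `hidesets` with no NULL check, which is only safe if `dorealloc` (defined outside this hunk) never returns on failure; a one-line comment stating that would help, e.g. `/* dorealloc does not return on allocation failure */`. `newhideset` starts and ends outside the hunk, so the types of `maxhidesets` and `hidesets` are inferred from these lines only.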