This is the mail archive of the
cygwin-patches
mailing list for the Cygwin project.
Re: [PATCH] cygwin_rexec() returns pointer to deallocated memory
- From: Peter Rosin <peda at lysator dot liu dot se>
- To: cygwin-patches at cygwin dot com
- Date: Mon, 26 May 2014 09:04:00 +0200
- Subject: Re: [PATCH] cygwin_rexec() returns pointer to deallocated memory
- Authentication-results: sourceware.org; auth=none
- References: <53811668 dot 5010208 at tiscali dot co dot uk>
On 2014-05-25 00:00, David Stacey wrote:
> In function cygwin_rexec(), a pointer to local buffer 'ahostbuf' is returned through 'ahost'. However, the buffer will have been deallocated at the end of the function, and so the contents of 'ahost' will be undefined. A trivial patch (attached) fixes the problem by making 'ahostbuf' static.
>
> This patch fixes Coverity bug ID #60028.
>
> Change Log:
> 2014-05-24 David Stacey <drstacey@tiscali.co.uk>
>
> * libc/rexec.cc (cygwin_rexec):
> Corrected returning a pointer to a buffer that will have gone out of
> scope.
I'm comparing with [1] and the same comment is applicable here (reading "it"
as "static").
Cheers,
Peter
[1] https://cygwin.com/viewvc/src/winsup/cygwin/libc/rcmd.cc?revision=1.8&view=markup#l134