This is the mail archive of the cygwin-patches mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH] cygwin_rexec() returns pointer to deallocated memory


On 2014-05-25 00:00, David Stacey wrote:
> In function cygwin_rexec(), a pointer to local buffer 'ahostbuf' is returned through 'ahost'. However, the buffer will have been deallocated at the end of the function, and so the contents of 'ahost' will be undefined. A trivial patch (attached) fixes the problem by making 'ahostbuf' static.
> 
> This patch fixes Coverity bug ID #60028.
> 
> Change Log:
> 2014-05-24  David Stacey  <drstacey@tiscali.co.uk>
> 
>         * libc/rexec.cc (cygwin_rexec):
>         Corrected returning a pointer to a buffer that will have gone out of
>         scope.

I'm comparing with [1] and the same comment is applicable here (reading "it"
as "static").

Cheers,
Peter

[1] https://cygwin.com/viewvc/src/winsup/cygwin/libc/rcmd.cc?revision=1.8&view=markup#l134


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]