[PATCH] cygwin_rexec() returns pointer to deallocated memory

David Stacey drstacey@tiscali.co.uk
Sat May 24 22:00:00 GMT 2014


In function cygwin_rexec(), a pointer to local buffer 'ahostbuf' is 
returned through 'ahost'. However, the buffer will have been deallocated 
at the end of the function, and so the contents of 'ahost' will be 
undefined. A trivial patch (attached) fixes the problem by making 
'ahostbuf' static.

This patch fixes Coverity bug ID #60028.

Change Log:
2014-05-24  David Stacey  <drstacey@tiscali.co.uk>

         * libc/rexec.cc (cygwin_rexec):
         Corrected returning a pointer to a buffer that will have gone out of
         scope.

Cheers,

Dave.

-------------- next part --------------
--- cygwin-orig/libc/rexec.cc	2013-04-23 10:44:35.000000000 +0100
+++ cygwin/libc/rexec.cc	2014-05-24 22:37:39.764370000 +0100
@@ -317,7 +317,7 @@
 	u_short port = 0;
 	int s, timo = 1, s3;
 	char c;
-	char ahostbuf[INTERNET_MAX_HOST_NAME_LENGTH + 1];
+	static char ahostbuf[INTERNET_MAX_HOST_NAME_LENGTH + 1];
 
 	myfault efault;
 	if (efault.faulted (EFAULT))
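
Review bot: Declaring 'ahostbuf' static at line 320 makes it a single buffer shared by every call to cygwin_rexec(), so the pointer returned through 'ahost' is overwritten by the next call and is not safe when two threads call the function at the same time. Please add a comment at the declaration saying that the result points to static storage valid only until the next call, and consider thread-local storage or a per-call allocation if concurrent callers are possible. The hunk does not show how the buffer is filled, so it is also worth confirming that the copy into it is bounded by sizeof (ahostbuf), because the contents now persist across calls.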

