URL: <https://savannah.gnu.org/bugs/?56694>
Summary: troff mixes malloc / delete[]
Project: GNU troff
Submitted by: None
Submitted on: Mon 29 Jul 2019 09:17:29 PM UTC
Category: Core
Severity: 3 - Normal
Item Group: Crash/Not responding
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Planned Release: None

_______________________________________________________

Details:

I use Scudo [1] as the systemwide allocator on most of my systems. GNU troff is one of the very few binaries that fail with it, due to relying on undefined behavior with memory allocation.

Specifically, the search_path::open_file(..., char**) returns a path that is sometimes allocated with new[] but usually allocated with malloc (since that's how the "strsave" function is implemented -- it's basically an strdup). The returned paths are then deallocated using delete[], which is undefined behavior and only works with some lenient memory allocators.

Attached is a draft patch that solves the issue as far as I can tell with some basic testing, but I have no idea how common that pattern is in the codebase and I don't have a good way to test all of it. And it's not a beautiful patch either.

[1] https://llvm.org/docs/ScudoHardenedAllocator.html

_______________________________________________________

File Attachments:

-------------------------------------------------------
Date: Mon 29 Jul 2019 09:17:29 PM UTC
Name: free.diff
Size: 2KiB
By: None
<http://savannah.gnu.org/bugs/download.php?file_id=47276>
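
The allocator mismatch described in the report, next to one way to remove it, as an added example (this is not groff's code and not the attached free.diff). `lookup_mixed`, `lookup_fixed`, `MallocPath` and the sample paths are constructed for illustration; `strsave` is modelled from the report's description of it, and which branch uses which allocator is an assumption.

```cpp
// Added illustration; every name except strsave is hypothetical, not groff code.
#include <cstdlib>
#include <cstring>
#include <memory>
#include <string>

// Modelled on the report's description of strsave: a malloc-backed strdup.
char *strsave(const char *s) {
  char *p = static_cast<char *>(std::malloc(std::strlen(s) + 1));
  if (p) std::strcpy(p, s);
  return p;
}

// Hypothetical stand-in for a lookup that hands a path back through char**.
// Which branch uses which allocator is assumed; the report only says both occur.
void lookup_mixed(const char *dir, const char *name, char **pathp) {
  if (name[0] == '/') {
    *pathp = strsave(name);                    // malloc
  } else {
    std::string joined = std::string(dir) + "/" + name;
    *pathp = new char[joined.size() + 1];      // new[]
    std::strcpy(*pathp, joined.c_str());
  }
}
// A caller cannot release lookup_mixed's result correctly: delete[] is
// undefined for the malloc branch, free() is undefined for the new[] branch.

// Corrected form: every branch allocates with malloc, and the return type
// carries the matching deallocator so callers cannot pick the wrong one.
struct FreeDeleter { void operator()(char *p) const { std::free(p); } };
using MallocPath = std::unique_ptr<char, FreeDeleter>;

MallocPath lookup_fixed(const char *dir, const char *name) {
  if (name[0] == '/') return MallocPath(strsave(name));
  std::string joined = std::string(dir) + "/" + name;
  return MallocPath(strsave(joined.c_str()));
}

// Returns true when both branches yield the expected path; the buffers are
// released with free() when the MallocPath objects go out of scope.
bool demo() {
  MallocPath a = lookup_fixed("/usr/share/tmac", "an.tmac");   // constructed
  MallocPath b = lookup_fixed("/usr/share/tmac", "/tmp/x.tmac");
  return a && b && std::strcmp(a.get(), "/usr/share/tmac/an.tmac") == 0 &&
         std::strcmp(b.get(), "/tmp/x.tmac") == 0;
}

int main() { return demo() ? 0 : 1; }
```

Building a program like this with `-fsanitize=address` is a quick way to find remaining mismatched pairs, since AddressSanitizer reports them as alloc-dealloc-mismatch.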