wengzhe opened a new pull request, #1877:
URL: https://github.com/apache/nuttx-apps/pull/1877
## Summary
Got use-after-free warning under GCC 12 with `-O3` option, and I found that
`nsh_strcat` may realloc `ptr`, then `cmdline` may point to invalid memory.
Let `cmdline` point to the reallocated `ptr` may solve the problem. Tested
by `alias ll='ls -l'` and `ll /` on sim.
GCC output:
```
CC: binfmt_unloadmodule.c In function 'nsh_aliasexpand',
inlined from 'nsh_argument' at nsh_parse.c:1879:20:
nsh_parse.c:1196:23: error: pointer 'ptr' used after 'realloc'
[-Werror=use-after-free]
1196 | ptr = cmdline + len;
| ~~~~~~~~^~~~~~~~~~~~~~~
In function 'nsh_strcat',
inlined from 'nsh_aliasexpand' at nsh_parse.c:1190:21,
inlined from 'nsh_argument' at nsh_parse.c:1879:20:
nsh_parse.c:1100:27: note: call to 'realloc' here
1100 | argument = (FAR char *)realloc(s1, allocsize);
| ^~~~~~~~~~~~~~~~~~~~~~
```
## Impact
nsh alias
## Testing
Tested by `alias ll='ls -l'` and `ll /` on sim.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
