Jerry DeLisle <jvdeli...@charter.net> writes: > +static void > +push_char4 (st_parameter_dt *dtp, gfc_char4_t c) > +{ > + gfc_char4_t *new, *p = (gfc_char4_t *) dtp->u.p.saved_string; > + > + if (p == NULL) > + { > + dtp->u.p.saved_string = xcalloc (SCRATCH_SIZE, sizeof (gfc_char4_t)); > + dtp->u.p.saved_length = SCRATCH_SIZE; > + dtp->u.p.saved_used = 0; > + p = (gfc_char4_t *) dtp->u.p.saved_string; > + } > + > + if (dtp->u.p.saved_used >= dtp->u.p.saved_length) > + { > + dtp->u.p.saved_length = 2 * dtp->u.p.saved_length; > + new = realloc (p, dtp->u.p.saved_length);
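Review bot: The size passed to realloc at the end of the hunk is an element count, not a byte count. The buffer is first allocated with xcalloc (SCRATCH_SIZE, sizeof (gfc_char4_t)), and saved_length is set to SCRATCH_SIZE and compared against saved_used, so it counts gfc_char4_t elements. After doubling, realloc (p, dtp->u.p.saved_length) therefore requests only 2 * SCRATCH_SIZE bytes. Unless sizeof (gfc_char4_t) is 1, the buffer ends up holding fewer elements than saved_length claims, and later stores indexed up to saved_length will write past the end of the allocation. Suggest realloc (p, dtp->u.p.saved_length * sizeof (gfc_char4_t)), with a check that the multiplication cannot wrap.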
That's a buffer overflow.

Andreas.

-- 
Andreas Schwab, sch...@linux-m68k.org
GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
"And now for something completely different."