Module Name: src Committed By: mrg Date: Thu Aug 10 20:38:00 UTC 2023
Modified Files: src/lib/libc/net: gethnamaddr.c src/lib/libedit: chartype.c src/lib/libkvm: kvm_proc.c Log Message: avoid various use-after-free issues. create a ptrdiff_t offset between the start of an allocation region and some interesting pointer, so it can be adjusted with this offset after realloc() returns. found by GCC 12. To generate a diff of this commit: cvs rdiff -u -r1.94 -r1.95 src/lib/libc/net/gethnamaddr.c cvs rdiff -u -r1.36 -r1.37 src/lib/libedit/chartype.c cvs rdiff -u -r1.98 -r1.99 src/lib/libkvm/kvm_proc.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/lib/libc/net/gethnamaddr.c diff -u src/lib/libc/net/gethnamaddr.c:1.94 src/lib/libc/net/gethnamaddr.c:1.95 --- src/lib/libc/net/gethnamaddr.c:1.94 Tue Apr 19 20:32:15 2022 +++ src/lib/libc/net/gethnamaddr.c Thu Aug 10 20:38:00 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: gethnamaddr.c,v 1.94 2022/04/19 20:32:15 rillig Exp $ */ +/* $NetBSD: gethnamaddr.c,v 1.95 2023/08/10 20:38:00 mrg Exp $ */ /* * ++Copyright++ 1985, 1988, 1993 @@ -57,7 +57,7 @@ static char sccsid[] = "@(#)gethostnamadr.c 8.1 (Berkeley) 6/4/93"; static char rcsid[] = "Id: gethnamaddr.c,v 8.21 1997/06/01 20:34:37 vixie Exp "; #else -__RCSID("$NetBSD: gethnamaddr.c,v 1.94 2022/04/19 20:32:15 rillig Exp $"); +__RCSID("$NetBSD: gethnamaddr.c,v 1.95 2023/08/10 20:38:00 mrg Exp $"); #endif #endif /* LIBC_SCCS and not lint */ @@ -110,10 +110,11 @@ __weak_alias(gethostent,_gethostent) #define addalias(d, s, arr, siz) do { \ if (d >= &arr[siz]) { \ + ptrdiff_t _off = d - arr; \ char **xptr = realloc(arr, (siz + 10) * sizeof(*arr)); \ if (xptr == NULL) \ goto nospc; \ - d = xptr + (d - arr); \ + d = xptr + _off; \ arr = xptr; \ siz += 10; \ } \ Index: src/lib/libedit/chartype.c diff -u src/lib/libedit/chartype.c:1.36 src/lib/libedit/chartype.c:1.37 --- src/lib/libedit/chartype.c:1.36 Sun Oct 30 19:11:31 2022 +++ src/lib/libedit/chartype.c Thu Aug 10 20:38:00 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: chartype.c,v 1.36 2022/10/30 19:11:31 christos Exp $ */ +/* $NetBSD: chartype.c,v 1.37 2023/08/10 20:38:00 mrg Exp $ */ /*- * Copyright (c) 2009 The NetBSD Foundation, Inc. @@ -31,7 +31,7 @@ */ #include "config.h" #if !defined(lint) && !defined(SCCSID) -__RCSID("$NetBSD: chartype.c,v 1.36 2022/10/30 19:11:31 christos Exp $"); +__RCSID("$NetBSD: chartype.c,v 1.37 2023/08/10 20:38:00 mrg Exp $"); #endif /* not lint && not SCCSID */ #include <ctype.h> 
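Review bot: The new `ptrdiff_t _off = d - arr;` line in `addalias` has no comment saying why the offset must be taken before `realloc()`, so a later tidy-up could fold it back into `xptr + (d - arr)` and reintroduce arithmetic on the released block. I would add `/* take the offset before realloc(); arr is indeterminate once it returns */` above it, with the macro's line continuation. Separately, `(siz + 10) * sizeof(*arr)` is not checked for wraparound. With growth of ten slots per call that looks hard to reach, but the type of `siz` is not visible in this hunk. The tail of the macro lies outside the hunk.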
@@ -235,17 +235,17 @@ ct_visual_string(const wchar_t *s, ct_bu } /* failed to encode, need more buffer space */ - used = dst - conv->wbuff; + uintptr_t sused = (uintptr_t)dst - (uintptr_t)conv->wbuff; if (ct_conv_wbuff_resize(conv, conv->wsize + CT_BUFSIZ) == -1) return NULL; - dst = conv->wbuff + used; + dst = conv->wbuff + sused; } if (dst >= (conv->wbuff + conv->wsize)) { /* sigh */ - used = dst - conv->wbuff; + uintptr_t sused = (uintptr_t)dst - (uintptr_t)conv->wbuff; if (ct_conv_wbuff_resize(conv, conv->wsize + CT_BUFSIZ) == -1) return NULL; - dst = conv->wbuff + used; + dst = conv->wbuff + sused; } *dst = L'\0'; Index: src/lib/libkvm/kvm_proc.c diff -u src/lib/libkvm/kvm_proc.c:1.98 src/lib/libkvm/kvm_proc.c:1.99 --- src/lib/libkvm/kvm_proc.c:1.98 Tue Apr 19 20:32:16 2022 +++ src/lib/libkvm/kvm_proc.c Thu Aug 10 20:38:00 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: kvm_proc.c,v 1.98 2022/04/19 20:32:16 rillig Exp $ */ +/* $NetBSD: kvm_proc.c,v 1.99 2023/08/10 20:38:00 mrg Exp $ */ /*- * Copyright (c) 1998 The NetBSD Foundation, Inc. @@ -67,7 +67,7 @@ #if 0 static char sccsid[] = "@(#)kvm_proc.c 8.3 (Berkeley) 9/23/93"; #else -__RCSID("$NetBSD: kvm_proc.c,v 1.98 2022/04/19 20:32:16 rillig Exp $"); +__RCSID("$NetBSD: kvm_proc.c,v 1.99 2023/08/10 20:38:00 mrg Exp $"); #endif #endif /* LIBC_SCCS and not lint */ @@ -980,7 +980,7 @@ kvm_argv(kvm_t *kd, const struct minipro if (len + cc > kd->argspc_len) { ptrdiff_t off; char **pp; - char *op = kd->argspc; + uintptr_t op = (uintptr_t)kd->argspc; kd->argspc_len *= 2; kd->argspc = _kvm_realloc(kd, kd->argspc, @@ -991,7 +991,7 @@ kvm_argv(kvm_t *kd, const struct minipro * Adjust argv pointers in case realloc moved * the string space. */ - off = kd->argspc - op; + off = (uintptr_t)kd->argspc - op; for (pp = kd->argv; pp < argv; pp++) *pp += off; ap += off;
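Review bot: `sused` is a byte count, but `conv->wbuff + sused` advances in `wchar_t` units, so after a resize `dst` lands at `sizeof(wchar_t)` times the intended offset. That is past the data already written and possibly past the end of the enlarged buffer, where `*dst = L'\0'` and later stores would write out of bounds. This assumes `dst` and `conv->wbuff` are `wchar_t *`, which the `L'\0'` store and the `const wchar_t *s` parameter suggest. Both resize sites in the hunk are affected, and an element count taken before the resize, as in the gethnamaddr.c hunk, avoids it: `ptrdiff_t sused = dst - conv->wbuff;`. The body of `ct_visual_string` starts and ends outside this hunk.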
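Review bot: `kd->argspc_len *= 2` runs before `_kvm_realloc()` is known to have succeeded, and the result is stored straight into `kd->argspc`. If the call returns NULL, the previous block is no longer reachable through `kd` and the recorded length is twice what is allocated. The failure path sits between the two kvm_proc.c hunks and is not visible here, so it needs checking there. A single doubling also does not by itself guarantee that `len + cc` fits, unless `cc` is bounded elsewhere. Growing into temporaries and committing both fields only on success, e.g. `kd->argspc = np; kd->argspc_len = nlen;`, would keep them consistent.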
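Review bot: `*pp += off` and `ap += off` still do arithmetic on pointer values that refer to the block `_kvm_realloc()` may have released; only the computation of `off` moved to integers. In addition, `(uintptr_t)kd->argspc - op` is an unsigned difference converted to `ptrdiff_t`, which relies on implementation-defined conversion when the block moves to a lower address. Rebasing from the new base keeps the arithmetic in integer space until the final pointer is formed: `*pp = kd->argspc + ((uintptr_t)*pp - op);`, and likewise for `ap`. The enclosing block of `kvm_argv` continues outside the hunk.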