2012-06-21 Jeff Law * intl/dcigettext.c (_nl_find_msg): Avoid use after potential free. Simplify list management for _LIBC case.
diff --git a/intl/dcigettext.c b/intl/dcigettext.c
index f6b7573..fcd1c78 100644
--- a/intl/dcigettext.c
+++ b/intl/dcigettext.c
@@ -1155,7 +1155,7 @@ _nl_find_msg (domain_file, domainbinding, msgid, convert, lengthp)
 freemem_size);
 # ifdef _LIBC
 if (newmem != NULL)
- transmem_list = transmem_list->next;
+ transmem_list = newmem;
 else
 {
 struct transmem_list *old = transmem_list;
@@ -1170,6 +1170,12 @@ _nl_find_msg (domain_file, domainbinding, msgid, convert, lengthp)
 malloc_count = 1;
 freemem_size = INITIAL_BLOCK_SIZE;
 newmem = (transmem_block_t *) malloc (freemem_size);
+# ifdef _LIBC
+ /* Add the block to the list of blocks we have to free
+ at some point. */
+ newmem->next = transmem_list;
+ transmem_list = newmem;
+# endif
 }
 if (__builtin_expect (newmem == NULL, 0))
 {
@@ -1180,11 +1186,6 @@ _nl_find_msg (domain_file, domainbinding, msgid, convert, lengthp)
 }
 
 # ifdef _LIBC
- /* Add the block to the list of blocks we have to free
- at some point. */
- newmem->next = transmem_list;
- transmem_list = newmem;
-
 freemem = (unsigned char *) newmem->data;
 freemem_size -= offsetof (struct transmem_list, data);
 # else
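Review bot: The new assignment `transmem_list = newmem;` in the first hunk carries no comment saying why taking the returned pointer is sufficient, and that reasoning is the whole fix. Presumably the call ending in `freemem_size);` just above is a realloc of the list head, which may move the block but keeps its contents, so `newmem->next` still holds the old link while the old `transmem_list` pointer must not be read again. A comment such as `/* realloc may have moved the head block; its next field is preserved, so only the head pointer needs updating. */` would keep a later edit from reintroducing the read through the stale pointer. The realloc call and the rest of _nl_find_msg lie outside the hunk.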
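Review bot: In the second hunk the added `newmem->next = transmem_list;` runs directly after `newmem = (transmem_block_t *) malloc (freemem_size);` and before the `if (__builtin_expect (newmem == NULL, 0))` check that follows, so a failed malloc is dereferenced as NULL in the _LIBC build. Before this commit the linking happened after that check (the lines removed in the third hunk), so the out-of-memory path returned cleanly. Guard the two assignments, e.g. `if (newmem != NULL) { newmem->next = transmem_list; transmem_list = newmem; }`, and let the existing NULL check handle the failure. _nl_find_msg starts and ends outside the hunk.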