This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] Adjust pointers to triplets in netgroup query data (BZ #16474)
- From: Siddhesh Poyarekar <siddhesh at redhat dot com>
- To: Andreas Schwab <schwab at linux-m68k dot org>
- Cc: Ondřej Bílka <neleai at seznam dot cz>, libc-alpha at sourceware dot org
- Date: Fri, 24 Jan 2014 23:37:08 +0530
- Subject: Re: [PATCH] Adjust pointers to triplets in netgroup query data (BZ #16474)
- References: <20140121172451 dot GJ5544 at spoyarek dot pnq dot redhat dot com> <20140123123841 dot GA5631 at domone dot podge> <20140124085757 dot GA5544 at spoyarek dot pnq dot redhat dot com> <87d2jhtnl8 dot fsf at igel dot home>
On Fri, Jan 24, 2014 at 04:18:43PM +0100, Andreas Schwab wrote:
> Siddhesh Poyarekar <siddhesh@redhat.com> writes:
>
> > @@ -241,7 +241,17 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
> > if (buflen - req->key_len - bufused < needed)
> > {
> > buflen += MAX (buflen, 2 * needed);
> > - buffer = xrealloc (buffer, buflen);
> > + char *newbuf = xrealloc (buffer, buflen);
> > + /* Adjust the pointers in the new
> > + buffer. */
> > + nhost = (nhost ? newbuf + (nhost - buffer)
>
> This is undefined. If realloc was successful then buffer is no longer
> valid. You need to compute nhost - buffer before doing the realloc.
Thanks for pointing that out. Does the following fix look OK?
Siddhesh
* nscd/netgroupcache.c (addgetnetgrentX): Compute offset from
the old buffer before realloc.
diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
index 924567c..be01fe8 100644
--- a/nscd/netgroupcache.c
+++ b/nscd/netgroupcache.c
@@ -241,15 +241,21 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
if (buflen - req->key_len - bufused < needed)
{
buflen += MAX (buflen, 2 * needed);
+ /* Save offset in the old buffer. We don't
+ bother with the NULL check here since
+ we'll do that later anyway. */
+ size_t nhostdiff = nhost - buffer;
+ size_t nuserdiff = nuser - buffer;
+ size_t ndomaindiff = ndomain - buffer;
+
char *newbuf = xrealloc (buffer, buflen);
- /* Adjust the pointers in the new
+ /* Fix up the triplet pointers into the new
buffer. */
- nhost = (nhost ? newbuf + (nhost - buffer)
+ nhost = (nhost ? newbuf + nhostdiff
: NULL);
- nuser = (nuser ? newbuf + (nuser - buffer)
+ nuser = (nuser ? newbuf + nuserdiff
: NULL);
- ndomain = (ndomain
- ? newbuf + (ndomain - buffer)
+ ndomain = (ndomain ? newbuf + ndomaindiff
: NULL);
buffer = newbuf;
}
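Review bot: The saved offsets in the added lines `size_t nhostdiff = nhost - buffer;`, `nuserdiff` and `ndomaindiff` are computed unconditionally, so when a triplet pointer is NULL the subtraction is between a null pointer and `buffer`, which C leaves undefined in the same way as the post-realloc subtraction this change removes. The comment defers the NULL check, but the later `nhost ? newbuf + nhostdiff : NULL` only guards the use of the offset, not its computation. Suggest guarding where the offset is taken, for example `size_t nhostdiff = nhost ? nhost - buffer : 0;`, and likewise for nuser and ndomain, then dropping the "we don't bother" sentence from the comment.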