This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
Re: [patch, libgfortran] Wrong result for UTF-8/UCS-4 list-directed and namelist read and nml write
- From: Jerry DeLisle <jvdelisle at charter dot net>
- To: Andreas Schwab <schwab at linux-m68k dot org>
- Cc: gfortran <fortran at gcc dot gnu dot org>, gcc patches <gcc-patches at gcc dot gnu dot org>
- Date: Sun, 27 Apr 2014 07:43:26 -0700
- Subject: Re: [patch, libgfortran] Wrong result for UTF-8/UCS-4 list-directed and namelist read and nml write
- Authentication-results: sourceware.org; auth=none
- References: <5337A474 dot 8090004 at charter dot net> <87lhurf0hu dot fsf at igel dot home>
On 04/27/2014 04:57 AM, Andreas Schwab wrote:
> Jerry DeLisle <jvdelisle@charter.net> writes:
>
>> +static void
>> +push_char4 (st_parameter_dt *dtp, gfc_char4_t c)
>> +{
>> + gfc_char4_t *new, *p = (gfc_char4_t *) dtp->u.p.saved_string;
>> +
>> + if (p == NULL)
>> + {
>> + dtp->u.p.saved_string = xcalloc (SCRATCH_SIZE, sizeof (gfc_char4_t));
>> + dtp->u.p.saved_length = SCRATCH_SIZE;
>> + dtp->u.p.saved_used = 0;
>> + p = (gfc_char4_t *) dtp->u.p.saved_string;
>> + }
>> +
>> + if (dtp->u.p.saved_used >= dtp->u.p.saved_length)
>> + {
>> + dtp->u.p.saved_length = 2 * dtp->u.p.saved_length;
>> + new = realloc (p, dtp->u.p.saved_length);
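Review bot: The `realloc` call on the last line of this hunk passes `dtp->u.p.saved_length` as the size, but that field counts `gfc_char4_t` elements (the initial `xcalloc (SCRATCH_SIZE, sizeof (gfc_char4_t))` sets it to `SCRATCH_SIZE`), whereas `realloc` takes a byte count. After the doubling, the request is `2 * SCRATCH_SIZE` bytes, which is smaller than the original `SCRATCH_SIZE * sizeof (gfc_char4_t)` bytes whenever the element is wider than 2 bytes, so the buffer shrinks instead of growing and the next store at index `saved_used` lands past its end. Suggest `new = realloc (p, dtp->u.p.saved_length * sizeof (gfc_char4_t));`, and, if the lines that follow do not already do so, a NULL check on `new` before it is used and a guard against the multiplication wrapping.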
>
> That's a buffer overflow.
>
Do you mean it should be?
new = realloc (p, dtp->u.p.saved_length * sizeof (gfc_char4_t));
jerry