This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.



PATCH to libiberty/argv.c


Hi, 

  I found this bug while feeding libiberty to g++, which choked on the
invalid (in C++) conversion of void* -> T*

      copy[argc] = malloc (sizeof (char *) * (len + 1));

Mechanically, I cast the result to (char **), only to discover that
it was invalid too.  Further inspection of the code effectively
revealed that the variable copy is of type "char **" and the function
is trying to copy a string at the slot copy[argc] which is of type
char *.  Consequently, we should be allocating (len + 1) bytes, 
not sizeof (char *) * (len + 1).  

OK to apply?

-- Gaby

2005-04-13  Gabriel Dos Reis  <gdr@integrable-solutions.net>

	* argv.c (dupargv): Mallocate space of argv[argc], not 
	sizeof(char *) of that amount.  Cast result to char *.

Index: argv.c
===================================================================
RCS file: /cvs/gcc/gcc/libiberty/argv.c,v
retrieving revision 1.14
diff -p -r1.14 argv.c
*** argv.c	26 Mar 2005 19:24:31 -0000	1.14
--- argv.c	13 Apr 2005 06:48:39 -0000
*************** dupargv (char **argv)
*** 77,83 ****
    for (argc = 0; argv[argc] != NULL; argc++)
      {
        int len = strlen (argv[argc]);
!       copy[argc] = malloc (sizeof (char *) * (len + 1));
        if (copy[argc] == NULL)
  	{
  	  freeargv (copy);
--- 77,83 ----
    for (argc = 0; argv[argc] != NULL; argc++)
      {
        int len = strlen (argv[argc]);
!       copy[argc] = (char *) malloc (len + 1);
        if (copy[argc] == NULL)
  	{
  	  freeargv (copy);
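
Review bot: `len` is still declared `int` in the context line `int len = strlen (argv[argc]);` directly above the changed call, so `malloc (len + 1)` receives a value narrowed from the size_t that strlen returns and then converted back to size_t at the call. Since this patch already corrects the allocation size, declaring `size_t len` here would keep the byte count in one unsigned type from strlen through malloc. The ChangeLog entry could also name the new size directly (len + 1 bytes) so the reason for dropping sizeof (char *) is recorded.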


   

