This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
PATCH to libiberty/argv.c
- From: Gabriel Dos Reis <gdr at integrable-solutions dot net>
- To: gcc-patches at gcc dot gnu dot org
- Cc: DJ Delorie <dj at redhat dot com>, Ian Lance Taylor <ian at airs dot com>
- Date: 13 Apr 2005 09:52:41 +0200
- Subject: PATCH to libiberty/argv.c
- Organization: Integrable Solutions
Hi,
I found this bug while feeding libiberty to g++, which choked on the
invalid (in C++) conversion of void* -> T*
copy[argc] = malloc (sizeof (char *) * (len + 1));
Mechanically, I casted the result to (char **), only to discover that
it was invalid too. Further inspection of the code effectively
releaved that the variable copy is of type "char **" and the function
is trying to copy a string at the slot copy[argc] which is of type
char *. Consequently, we should be allocating (len + 1) bytes,
not sizeof (char *) * (len + 1).
OK to apply?
-- Gaby
2005-04-13 Gabriel Dos Reis <gdr@integrable-solutions.net>
* argv.c (dupargv): Mallocate space of argv[argc], not
sizeof(char *) of that amuont. Cast result to char *.
Index: argv.c
===================================================================
RCS file: /cvs/gcc/gcc/libiberty/argv.c,v
retrieving revision 1.14
diff -p -r1.14 argv.c
*** argv.c 26 Mar 2005 19:24:31 -0000 1.14
--- argv.c 13 Apr 2005 06:48:39 -0000
*************** dupargv (char **argv)
*** 77,83 ****
for (argc = 0; argv[argc] != NULL; argc++)
{
int len = strlen (argv[argc]);
! copy[argc] = malloc (sizeof (char *) * (len + 1));
if (copy[argc] == NULL)
{
freeargv (copy);
--- 77,83 ----
for (argc = 0; argv[argc] != NULL; argc++)
{
int len = strlen (argv[argc]);
! copy[argc] = (char *) malloc (len + 1);
if (copy[argc] == NULL)
{
freeargv (copy);