This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.



Re: [patch, libgfortran] Wrong result for UTF-8/UCS-4 list-directed and namelist read and nml write


Jerry DeLisle <jvdelisle@charter.net> writes:

> +static void
> +push_char4 (st_parameter_dt *dtp, gfc_char4_t c)
> +{
> +  gfc_char4_t *new, *p = (gfc_char4_t *) dtp->u.p.saved_string;
> +
> +  if (p == NULL)
> +    {
> +      dtp->u.p.saved_string = xcalloc (SCRATCH_SIZE, sizeof (gfc_char4_t));
> +      dtp->u.p.saved_length = SCRATCH_SIZE;
> +      dtp->u.p.saved_used = 0;
> +      p = (gfc_char4_t *) dtp->u.p.saved_string;
> +    }
> +
> +  if (dtp->u.p.saved_used >= dtp->u.p.saved_length)
> +    {
> +      dtp->u.p.saved_length = 2 * dtp->u.p.saved_length;
> +      new = realloc (p, dtp->u.p.saved_length);
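
Review bot: the size passed in `new = realloc (p, dtp->u.p.saved_length);` is an element count, not a byte count. The buffer is created with `xcalloc (SCRATCH_SIZE, sizeof (gfc_char4_t))` and `saved_used` is compared against `saved_length`, so both fields count `gfc_char4_t` elements. After the doubling, the call requests only `saved_length` bytes, which holds fewer than `saved_length` elements whenever `sizeof (gfc_char4_t)` is greater than 1, so a later store at index `saved_used` would land past the end of the block. Pass `dtp->u.p.saved_length * sizeof (gfc_char4_t)` instead, and guard both the doubling and the multiplication against overflow. Unlike the initial `xcalloc`, the grown tail is not zeroed, so check that nothing downstream relies on a zero-filled buffer.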

That's a buffer overflow.

Andreas.

-- 
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED5
"And now for something completely different."

