This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
Re: [patch, libgfortran] Wrong result for UTF-8/UCS-4 list-directed and namelist read and nml write
- From: Andreas Schwab <schwab at linux-m68k dot org>
- To: Jerry DeLisle <jvdelisle at charter dot net>
- Cc: gfortran <fortran at gcc dot gnu dot org>, gcc patches <gcc-patches at gcc dot gnu dot org>
- Date: Sun, 27 Apr 2014 13:57:49 +0200
- Subject: Re: [patch, libgfortran] Wrong result for UTF-8/UCS-4 list-directed and namelist read and nml write
- Authentication-results: sourceware.org; auth=none
- References: <5337A474 dot 8090004 at charter dot net>
Jerry DeLisle <jvdelisle@charter.net> writes:
> +static void
> +push_char4 (st_parameter_dt *dtp, gfc_char4_t c)
> +{
> + gfc_char4_t *new, *p = (gfc_char4_t *) dtp->u.p.saved_string;
> +
> + if (p == NULL)
> + {
> + dtp->u.p.saved_string = xcalloc (SCRATCH_SIZE, sizeof (gfc_char4_t));
> + dtp->u.p.saved_length = SCRATCH_SIZE;
> + dtp->u.p.saved_used = 0;
> + p = (gfc_char4_t *) dtp->u.p.saved_string;
> + }
> +
> + if (dtp->u.p.saved_used >= dtp->u.p.saved_length)
> + {
> + dtp->u.p.saved_length = 2 * dtp->u.p.saved_length;
> + new = realloc (p, dtp->u.p.saved_length);
That's a buffer overflow.
Andreas.
--
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
"And now for something completely different."