[patch, libgfortran] Wrong result for UTF-8/UCS-4 list-directed and namelist read and nml write
Jerry DeLisle
jvdelisle@charter.net
Sun Apr 27 15:17:00 GMT 2014
On 04/27/2014 04:57 AM, Andreas Schwab wrote:
> Jerry DeLisle <jvdelisle@charter.net> writes:
>
>> +static void
>> +push_char4 (st_parameter_dt *dtp, gfc_char4_t c)
>> +{
>> + gfc_char4_t *new, *p = (gfc_char4_t *) dtp->u.p.saved_string;
>> +
>> + if (p == NULL)
>> + {
>> + dtp->u.p.saved_string = xcalloc (SCRATCH_SIZE, sizeof (gfc_char4_t));
>> + dtp->u.p.saved_length = SCRATCH_SIZE;
>> + dtp->u.p.saved_used = 0;
>> + p = (gfc_char4_t *) dtp->u.p.saved_string;
>> + }
>> +
>> + if (dtp->u.p.saved_used >= dtp->u.p.saved_length)
>> + {
>> + dtp->u.p.saved_length = 2 * dtp->u.p.saved_length;
>> + new = realloc (p, dtp->u.p.saved_length);
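Review bot: The realloc size on the last line is an element count, not a byte count. saved_length is set in units of gfc_char4_t (the initial xcalloc allocates SCRATCH_SIZE elements of sizeof (gfc_char4_t) each), so realloc (p, dtp->u.p.saved_length) requests only a quarter of the bytes the doubled buffer needs. On the first growth this actually shrinks the allocation to half its current byte size, and the next store at index saved_used writes past the end of the heap block. Pass dtp->u.p.saved_length * sizeof (gfc_char4_t) instead. Separately, saved_length is doubled before the realloc result is known, so if the call fails the recorded length no longer matches the buffer; computing the new length in a local and committing it only after a successful realloc avoids that.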
>
> That's a buffer overflow.
>
Do you mean it should be?
new = realloc (p, dtp->u.p.saved_length * sizeof (gfc_char4_t));
jerry