[git commit] bc: hopefully fix bug 14956 (use-after-free)
Denys Vlasenko
vda.linux at googlemail.com
Thu Aug 18 14:23:55 UTC 2022
commit: https://git.busybox.net/busybox/commit/?id=41d5f800a14769704082f7faeabb8435285499be
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master
Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
---
miscutils/bc.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/miscutils/bc.c b/miscutils/bc.c
index ab785bbc8..1300a63fb 100644
--- a/miscutils/bc.c
+++ b/miscutils/bc.c
@@ -2892,6 +2892,8 @@ static char peek_inbuf(void)
) {
xc_read_line(&G.input_buffer, G.prs.lex_input_fp);
G.prs.lex_inbuf = G.input_buffer.v;
+ // lex_next_at may point to now-freed data, update it:
+ G.prs.lex_next_at = G.prs.lex_inbuf;
if (G.input_buffer.len <= 1) // on EOF, len is 1 (NUL byte)
G.prs.lex_input_fp = NULL;
}
More information about the busybox-cvs
mailing list