[PATCH] Coverity: printfing after freeing #13765

Closed
p5pRT opened this issue Apr 25, 2014 · 6 comments

@p5pRT

p5pRT commented Apr 25, 2014

Migrated from rt.perl.org#121728 (status was 'resolved')

Searchable as RT121728$

@p5pRT

p5pRT commented Apr 25, 2014

From @jhi

Compiled with DEBUGGING, unearthed couple more 'high impact' ones,
here's one where we first free a savepv and then printf it.

@p5pRT

p5pRT commented Apr 25, 2014

From @jhi

0001-Fix-for-Coverity-perl5-CID-45366.patch
From e914df0fdbde56d1f8e4d3199ede89a725c15d21 Mon Sep 17 00:00:00 2001
From: Jarkko Hietaniemi <jhi@iki.fi>
Date: Thu, 24 Apr 2014 20:33:16 -0400
Subject: [PATCH 1/2] Fix for Coverity perl5 CID 45366: Use after free
 (USE_AFTER_FREE) pass_freed_arg: Passing freed pointer save_input_locale as
 an argument to PerlIO_printf.

Printfing save-pvs after freeing them.
---
 locale.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/locale.c b/locale.c
index b2f0013..a6aa431 100644
--- a/locale.c
+++ b/locale.c
@@ -1182,20 +1182,20 @@ S_is_cur_LC_category_utf8(pTHX_ int category)
         && *(save_input_locale + final_pos - 3) == '5'
         && *(save_input_locale + final_pos - 4) == '6')
     {
-        Safefree(save_input_locale);
         DEBUG_L(PerlIO_printf(Perl_debug_log,
                         "Locale %s ends with 10056 in name, is UTF-8 locale\n",
                         save_input_locale));
+        Safefree(save_input_locale);
         return TRUE;
     }
 #endif
 
     /* Other common encodings are the ISO 8859 series, which aren't UTF-8 */
     if (instr(save_input_locale, "8859")) {
-        Safefree(save_input_locale);
         DEBUG_L(PerlIO_printf(Perl_debug_log,
                              "Locale %s has 8859 in name, not UTF-8 locale\n",
                              save_input_locale));
+        Safefree(save_input_locale);
         return FALSE;
     }
 
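Review bot: Safefree(save_input_locale) is still written out by hand before each early return in S_is_cur_LC_category_utf8 (both the "ends with 10056" branch and the "8859" branch here), so the same free-before-use ordering can come back the next time a debug line or check is added at one of these exits. Consider routing the exits through a single cleanup point that frees once just before returning, or at least a short comment at each site saying that the DEBUG_L call reads save_input_locale and must precede the free. Because the read sits inside DEBUG_L it only surfaced in a DEBUGGING build per the report, so it is worth checking the function's other return paths, which this hunk does not show, for the same order.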
-- 
1.9.2

@p5pRT

p5pRT commented Apr 26, 2014

From @tonycoz

On Thu Apr 24 18:44:51 2014, jhi wrote:

> Compiled with DEBUGGING, unearthed couple more 'high impact' ones,
> here's one where we first free a savepv and then printf it.

I've added this as a 5.20 blocker and plan to apply it early next week unless someone objects.

Tony

@p5pRT

p5pRT commented Apr 26, 2014

The RT System itself - Status changed from 'new' to 'open'

@p5pRT

p5pRT commented Apr 28, 2014

From @tonycoz

On Fri Apr 25 18:31:25 2014, tonyc wrote:

> On Thu Apr 24 18:44:51 2014, jhi wrote:
>
> > Compiled with DEBUGGING, unearthed couple more 'high impact' ones,
> > here's one where we first free a savepv and then printf it.
>
> I've added this as a 5.20 blocker and plan to apply it early next week
> unless someone objects.

Thanks, applied as d37662c.

Tony

@p5pRT

p5pRT commented Apr 28, 2014

@tonycoz - Status changed from 'open' to 'resolved'
