From patchwork Fri Feb 22 16:47:53 2019
X-Patchwork-Submitter: Eugene Yudin
X-Patchwork-Id: 1046997
From: Eugene Yudin
Date: Fri, 22 Feb 2019 19:47:53 +0300
To: devel@uclibc-ng.org
Subject: [uclibc-ng-devel] [PATCH] Fix NULL pointer dereference in open_memstream()
List-Id: uClibc-ng Development

Hi,

The current version of uClibc-ng has an issue in the open_memstream() function. If the cookie variable is NULL (due to malloc() failure), then a null pointer is dereferenced after the if block.

The attached patch fixes this issue.

diff --git a/libc/stdio/open_memstream.c b/libc/stdio/open_memstream.c index 17ef191cb..71a84138d 100644 --- a/libc/stdio/open_memstream.c +++ b/libc/stdio/open_memstream.c
@@ -156,9 +156,10 @@ FILE *open_memstream(char **bufloc, size_t *sizeloc) __STDIO_STREAM_VALIDATE(fp); return fp; } + + free(cookie->buf); } - free(cookie->buf); EXIT_cookie: free(cookie);
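Review bot: The moved free(cookie->buf); is only safe if the closing brace right after it belongs to the block guarded by the cookie allocation check, and the hunk context does not show that condition, so please confirm it against the full function. It is also worth checking that any goto EXIT_cookie taken from inside that block still releases cookie->buf where it needs to, now that the label sits directly after the brace. The free(cookie); kept after EXIT_cookie still runs when cookie is NULL, which is fine because free(NULL) is a no-op. The blank added line in front of the moved call is not needed and could be dropped to keep the diff minimal.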