From: John Baldwin
Date: Mon, 3 Oct 2022 23:11:30 GMT
Message-Id: <202210032311.293NBUN7065804@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: 3736b2dd3270 - main - diff: Fix a use after free as well as a memory leak in change().
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all

The branch main has been updated by jhb:

URL:
https://cgit.FreeBSD.org/src/commit/?id=3736b2dd327050d2e6c925964b210eccbaac51ab

commit 3736b2dd327050d2e6c925964b210eccbaac51ab
Author:     John Baldwin
AuthorDate: 2022-10-03 23:10:43 +0000
Commit:     John Baldwin
CommitDate: 2022-10-03 23:10:43 +0000

    diff: Fix a use after free as well as a memory leak in change().

    When -B or -I are used, change() evaluates the lines in a hunk to
    determine if it is a hunk that should be ignored. It does this by
    reading each candidate line into a mallocated buffer via preadline()
    and then calling ignoreline(). Previously the buffer was freed as a
    side effect of ignoreline_pattern() called from ignoreline().
    However, if only -B was specified, then ignoreline_pattern() was not
    called and the lines were leaked. If both options were specified,
    then ignoreline_pattern() was called before checking for a blank line
    so that the second check was a use after free.

    To fix, pull the free() out of ignoreline_pattern() and instead do it
    up in change() so that it is paired with preadline().

    While here, simplify ignoreline() by checking for the -B and -I cases
    individually without a separate clause for when both are set. Also,
    do the cheaper check (-B) first, and remove a false comment (this
    function is only called if at least one of -I or -B are specified).

    Reviewed by: emaste
    Reported by: GCC 12 -Wuse-after-free
    Differential Revision: https://reviews.freebsd.org/D36822

--- usr.bin/diff/diffreg.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/usr.bin/diff/diffreg.c b/usr.bin/diff/diffreg.c index 4fbdd3c3f50c..c9111fe7eaee 100644 --- a/usr.bin/diff/diffreg.c +++ b/usr.bin/diff/diffreg.c @@ -980,7 +980,6 @@ ignoreline_pattern(char *line) int ret; ret = regexec(&ignore_re, line, 0, NULL, 0); - free(line); return (ret == 0); /* if it matched, it should be ignored. */ } 
@@ -988,13 +987,10 @@ static bool ignoreline(char *line, bool skip_blanks) { - if (ignore_pats != NULL && skip_blanks) - return (ignoreline_pattern(line) || *line == '\0'); - if (ignore_pats != NULL) - return (ignoreline_pattern(line)); - if (skip_blanks) - return (*line == '\0'); - /* No ignore criteria specified */ + if (skip_blanks && *line == '\0') + return (true); + if (ignore_pats != NULL && ignoreline_pattern(line)) + return (true); return (false); } @@ -1013,7 +1009,7 @@ change(char *file1, FILE *f1, char *file2, FILE *f2, int a, int b, int c, int d, long curpos; int i, nc; const char *walk; - bool skip_blanks; + bool skip_blanks, ignore; skip_blanks = (*pflags & D_SKIPBLANKLINES); restart: @@ -1030,7 +1026,9 @@ restart: for (i = a; i <= b; i++) { line = preadline(fileno(f1), ixold[i] - ixold[i - 1], ixold[i - 1]); - if (!ignoreline(line, skip_blanks)) + ignore = ignoreline(line, skip_blanks); + free(line); + if (!ignore) goto proceed; } } @@ -1038,7 +1036,9 @@ restart: for (i = c; i <= d; i++) { line = preadline(fileno(f2), ixnew[i] - ixnew[i - 1], ixnew[i - 1]); - if (!ignoreline(line, skip_blanks)) + ignore = ignoreline(line, skip_blanks); + free(line); + if (!ignore) goto proceed; } }
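
Review bot: In the `ignoreline_pattern()` hunk (@@ -980), the parameter is still `char *line` although the function no longer frees the buffer. Changing it to `const char *line` would record in the signature that ownership stays with the caller, and the compiler would then reject a `free(line)` that gets reintroduced here later. regexec() takes a const string, so nothing else in the visible body needs to change.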
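
Review bot: In the `ignoreline()` hunk (@@ -988), the contract moved from "may free `line`" to "only reads `line`", but nothing at the function says so. A one-line comment above it stating that the caller owns and frees the buffer would document what the commit message explains. The removed "No ignore criteria specified" comment could be replaced by a note that the function is only called when at least one of -B or -I is set, since the final `return (false);` now reads as if that case were reachable.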
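
Review bot: In the two loops in `change()` (@@ -1030 and @@ -1038), `line` still holds the freed pointer when control reaches `goto proceed` or leaves the loop. If `line` is read anywhere after `proceed:` (not visible in these hunks) the same class of bug returns, so consider making it a loop-local variable or confirming it is reassigned before any later use. The `ignore = ignoreline(...); free(line); if (!ignore)` sequence is also duplicated verbatim for f1 and f2; a small helper that does the preadline(), the ignoreline() call and the free() and returns the bool would keep allocation and release paired in one place.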