Date: Fri, 11 Nov 2022 18:36:53 GMT
Message-Id: <202211111836.2ABIaruU004183@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: John Baldwin
Subject: git: 1f9f319919d7 - stable/13 - diff: Fix a use after free as well as a memory leak in change().
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all

The branch stable/13 has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=1f9f319919d7f8b76c8d8a7edb71ca2f39fb40e1

commit 1f9f319919d7f8b76c8d8a7edb71ca2f39fb40e1
Author: John Baldwin
AuthorDate: 2022-10-03 23:10:43 +0000
Commit: John Baldwin
CommitDate: 2022-11-11 18:18:53 +0000

diff: Fix a use after free as well as a memory leak in change().

When -B or -I are used, change() evaluates the lines in a hunk to
determine if it is a hunk that should be ignored. It does this by
reading each candidate line into a mallocated buffer via preadline()
and then calling ignoreline(). Previously the buffer was freed as a
side effect of ignoreline_pattern() called from ignoreline().
However, if only -B was specified, then ignoreline_pattern() was not
called and the lines were leaked. If both options were specified,
then ignoreline_pattern() was called before checking for a blank line
so that the second check was a use after free.

To fix, pull the free() out of ignoreline_pattern() and instead do it
up in change() so that it is paired with preadline().

While here, simplify ignoreline() by checking for the -B and -I cases
individually without a separate clause for when both are set.
Also, do the cheaper check (-B) first, and remove a false comment (this function is only called if at least one of -I or -B are specified). Reviewed by: emaste Reported by: GCC 12 -Wuse-after-free Differential Revision: https://reviews.freebsd.org/D36822 (cherry picked from commit 3736b2dd327050d2e6c925964b210eccbaac51ab) --- usr.bin/diff/diffreg.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/usr.bin/diff/diffreg.c b/usr.bin/diff/diffreg.c index e728441c2cb2..72a4d5f25b07 100644 --- a/usr.bin/diff/diffreg.c +++ b/usr.bin/diff/diffreg.c @@ -1035,7 +1035,6 @@ ignoreline_pattern(char *line) int ret; ret = regexec(&ignore_re, line, 0, NULL, 0); - free(line); return (ret == 0); /* if it matched, it should be ignored. */ } @@ -1043,13 +1042,10 @@ static bool ignoreline(char *line, bool skip_blanks) { - if (ignore_pats != NULL && skip_blanks) - return (ignoreline_pattern(line) || *line == '\0'); - if (ignore_pats != NULL) - return (ignoreline_pattern(line)); - if (skip_blanks) - return (*line == '\0'); - /* No ignore criteria specified */ + if (skip_blanks && *line == '\0') + return (true); + if (ignore_pats != NULL && ignoreline_pattern(line)) + return (true); return (false); } @@ -1068,7 +1064,7 @@ change(char *file1, FILE *f1, char *file2, FILE *f2, int a, int b, int c, int d, long curpos; int i, nc; const char *walk; - bool skip_blanks; + bool skip_blanks, ignore; skip_blanks = (*pflags & D_SKIPBLANKLINES); restart: @@ -1086,7 +1082,9 @@ restart: for (i = a; i <= b; i++) { line = preadline(fileno(f1), ixold[i] - ixold[i - 1], ixold[i - 1]); - if (!ignoreline(line, skip_blanks)) + ignore = ignoreline(line, skip_blanks); + free(line); + if (!ignore) goto proceed; } } @@ -1094,7 +1092,9 @@ restart: for (i = c; i <= d; i++) { line = preadline(fileno(f2), ixnew[i] - ixnew[i - 1], ixnew[i - 1]); - if (!ignoreline(line, skip_blanks)) + ignore = ignoreline(line, skip_blanks); + free(line); + if (!ignore) goto proceed; } }
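Review bot: in the ignoreline_pattern() hunk (@@ -1035), once free(line) is removed the function no longer takes ownership of its argument, so the parameter can be declared const char *line, and the same applies to ignoreline(char *line, bool skip_blanks) in the following hunk. Putting const in both signatures records that the buffer stays owned by the caller in change() and makes the compiler flag any free() that is later reintroduced in a helper.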
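Review bot: in the ignoreline() hunk (@@ -1043), the calling contract is now undocumented: the removed comment is gone, but nothing states that the function only reads line and that the caller is responsible for freeing it. A one-line comment above ignoreline() saying that line is borrowed and must be freed by the caller after the call would keep the ownership rule that this fix depends on visible next to the *line == '\0' and ignoreline_pattern(line) checks.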
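Review bot: the two loop hunks in change() (@@ -1086 over f1/ixold and @@ -1094 over f2/ixnew) now repeat the same sequence, ignore = ignoreline(line, skip_blanks); free(line); if (!ignore) goto proceed;. Consider a small static helper that takes the descriptor, length and offset, calls preadline(), ignoreline() and free(), and returns the bool, so the preadline()/free() pairing lives in one place and cannot drift between the two loops; the new ignore local in change() would then be unnecessary.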