Fix use-after-free in tilde expansion disciplines (re: 936a193)
When compiling with AddressSanitizer/ASan, the regression test on tests/tilde.sh line 163 occasionally aborts with a stack trace. In addition, the test on line 155 intermittently fails on a Linux armv7l system (without ASan). Something is wrong in my code here.

The ASan stack trace shows a use-after-free in tilde_expand2() on macro.c line 2734, right after the stkseek() call that restores the stack state -- *and* that this space had been freed earlier via macro.c line 2722, the stkset() call that restores the stack after running a tilde discipline shell function. Evidently, stkfreeze() followed by stkset() is not correct here.

The fix, as it turns out, is to simply write a 0 byte to the stack instead of freezing the stack, adding a 0 byte, then restoring the stack state with stkseek() instead of stkset(), thus avoiding a potential rearranging of stack memory.
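The commit message contrasts restoring the stack through a saved pointer (stkset) with restoring it through a saved offset (stkseek). The C program below is an added illustration, not code from ksh93 or libast: it models a growable stack buffer that relocates to a fresh block when it grows, saves both a raw pointer and an offset before the growth, and shows that only the offset is still meaningful once the old block has been freed. The names Stack, stack_putc, restore_by_offset, restore_by_pointer and demo are this example's own; the pointer-based restore here rejects a stale pointer instead of dereferencing it.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Model of a growable stack buffer (not libast's stk implementation). */
typedef struct {
    char *base;   /* may move when the buffer grows */
    size_t len;   /* bytes in use */
    size_t cap;   /* bytes allocated */
} Stack;
/* Append one byte; when full, copy into a fresh, larger block and free the
 * old one, so any raw pointer into the old block now dangles. */
static void stack_putc(Stack *s, char c) {
    if (s->len == s->cap) {
        char *bigger = malloc(s->cap * 2);   /* allocated while old block is live */
        memcpy(bigger, s->base, s->len);
        free(s->base);
        s->base = bigger;
        s->cap *= 2;
    }
    s->base[s->len++] = c;
}
/* stkseek-style restore: an offset stays valid across relocations. */
static int restore_by_offset(Stack *s, size_t saved_len) {
    if (saved_len > s->len) return -1;
    s->len = saved_len;
    return 0;
}
/* stkset-style restore from a saved pointer: refuse a pointer that no longer
 * lies inside the live block instead of turning it into a use-after-free. */
static int restore_by_pointer(Stack *s, const char *saved) {
    uintptr_t p = (uintptr_t)saved, lo = (uintptr_t)s->base;
    if (p < lo || p > lo + s->len) return -1;   /* stale: the buffer moved */
    s->len = (size_t)(p - lo);
    return 0;
}
/* Save state, grow past capacity once (forcing a move), then restore both ways.
 * Returns 1 when the offset restore works and the stale pointer is rejected. */
static int demo(void) {
    Stack s = { malloc(4), 0, 4 };
    stack_putc(&s, 'a');
    stack_putc(&s, 'b');
    size_t saved_len = s.len;
    char *saved_ptr = s.base + s.len;                  /* raw pointer into the old block */
    for (int i = 0; i < 4; i++) stack_putc(&s, 'x');   /* 5th byte triggers one relocation */
    int ptr_rc = restore_by_pointer(&s, saved_ptr);
    int off_rc = restore_by_offset(&s, saved_len);
    int ok = off_rc == 0 && ptr_rc == -1 && s.len == 2 && memcmp(s.base, "ab", 2) == 0;
    free(s.base);
    return ok;
}
```

Built with -fsanitize=address, writing through saved_ptr after the relocation would be reported as a heap-use-after-free, which is the class of error the commit's ASan trace showed; without ASan the freed block may be reused silently, which matches the intermittent failure described.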