In function cygwin_rexec(), a pointer to local buffer 'ahostbuf' is
returned through 'ahost'. However, the buffer will have been deallocated
at the end of the function, and so the contents of 'ahost' will be
undefined. A trivial patch (attached) fixes the problem by making
'ahostbuf' static.
This patch fixes Coverity bug ID #60028.
Change Log:
2014-05-24 David Stacey <drsta...@tiscali.co.uk>
* libc/rexec.cc (cygwin_rexec):
Corrected returning a pointer to a buffer that will have gone
out of
scope.
Cheers,
Dave.
--- cygwin-orig/libc/rexec.cc 2013-04-23 10:44:35.000000000 +0100
+++ cygwin/libc/rexec.cc 2014-05-24 22:37:39.764370000 +0100
@@ -317,7 +317,7 @@
u_short port = 0;
int s, timo = 1, s3;
char c;
- char ahostbuf[INTERNET_MAX_HOST_NAME_LENGTH + 1];
+ static char ahostbuf[INTERNET_MAX_HOST_NAME_LENGTH + 1];
myfault efault;
if (efault.faulted (EFAULT))
