Author: cem
Date: Thu Jan 30 17:50:51 2020
New Revision: 357299
URL: https://svnweb.freebsd.org/changeset/base/357299
Log:
contrib/apr: Remove scope leak UB
In apr_vformatter, the variable buf was declared inside a limited scope
region, but a pointer to it is leaked outside of that region and used
later. This is undefined behavior. Fix by moving the buf variable to
function scope.
Reported by: Coverity
CID: 1192541
Modified:
head/contrib/apr/strings/apr_snprintf.c
Modified: head/contrib/apr/strings/apr_snprintf.c
==============================================================================
--- head/contrib/apr/strings/apr_snprintf.c Thu Jan 30 17:30:04 2020
(r357298)
+++ head/contrib/apr/strings/apr_snprintf.c Thu Jan 30 17:50:51 2020
(r357299)
@@ -708,6 +708,7 @@ APR_DECLARE(int) apr_vformatter(int (*flush_func)(apr_
char num_buf[NUM_BUF_SIZE];
char char_buf[2]; /* for printing %% and %<unknown> */
+ char buf[5]; /* for printing %B, %F, and %S */
enum var_type_enum {
IS_QUAD, IS_LONG, IS_SHORT, IS_INT
@@ -1246,7 +1247,6 @@ APR_DECLARE(int) apr_vformatter(int (*flush_func)(apr_
case 'F':
case 'S':
{
- char buf[5];
apr_off_t size = 0;
if (*fmt == 'B') {
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
