Author: cem
Date: Thu Jan 30 17:50:51 2020
New Revision: 357299
URL: https://svnweb.freebsd.org/changeset/base/357299

Log:
  contrib/apr: Remove scope leak UB

  In apr_vformatter, the variable buf was declared inside a limited scope region, but a pointer to it is leaked outside of that region and used later. This is undefined behavior.

  Fix by moving the buf variable to function scope.

  Reported by: Coverity
  CID: 1192541

Modified:
  head/contrib/apr/strings/apr_snprintf.c

Modified: head/contrib/apr/strings/apr_snprintf.c
============================================================================== --- head/contrib/apr/strings/apr_snprintf.c Thu Jan 30 17:30:04 2020 (r357298) +++ head/contrib/apr/strings/apr_snprintf.c Thu Jan 30 17:50:51 2020 (r357299) @@ -708,6 +708,7 @@ APR_DECLARE(int) apr_vformatter(int (*flush_func)(apr_ char num_buf[NUM_BUF_SIZE]; char char_buf[2]; /* for printing %% and %<unknown> */ + char buf[5]; /* for printing %B, %F, and %S */ enum var_type_enum { IS_QUAD, IS_LONG, IS_SHORT, IS_INT @@ -1246,7 +1247,6 @@ APR_DECLARE(int) apr_vformatter(int (*flush_func)(apr_ case 'F': case 'S': { - char buf[5]; apr_off_t size = 0; if (*fmt == 'B') {
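
Review bot: in the first hunk (@@ -708), the new function-scope `char buf[5];` has a much more generic name than its neighbours `num_buf` and `char_buf`, and its comment records what it is used for but not why it has to live at function scope. Now that the array is visible to every conversion case in apr_vformatter, a more specific name and a comment stating that a pointer to it is used after the %B/%F/%S case block ends would keep a later cleanup from moving it back into the block. The size 5 is also a bare literal, unlike `NUM_BUF_SIZE` two lines above; a named constant, or a word in the comment on why 5 bytes are enough, would make the bound checkable at the declaration.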
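
Review bot: in the second hunk (@@ -1246), the removed `char buf[5];` leaves the `case 'S': {` block with no local sign that `buf` is now shared function state, and the visible context does not include the statement where the address of `buf` is taken. It would help to confirm that `buf` is the only object declared in this block whose address is used after the closing brace, since `apr_off_t size = 0;` and anything else declared here still ends its lifetime at that brace. The file is under head/contrib/apr, so the same change should also be offered to the APR project so that it is not dropped on the next vendor import.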