[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: use-after-free in read_token_word
|
From: |
Grisha Levit |
|
Subject: |
Re: use-after-free in read_token_word |
|
Date: |
Wed, 15 Mar 2023 18:43:17 -0400 |
Also in parse_matched_pair:
diff --git a/parse.y b/parse.y
index 0a8c039a..1001ac1b 100644
--- a/parse.y
+++ b/parse.y
@@ -3906,14 +3906,13 @@ parse_matched_pair (int qc, int open, int
close, size_t *lenp, int flags)
/* Locale expand $"..." here. */
/* PST_NOEXPAND */
ttrans = locale_expand (nestret, 0, nestlen - 1, start_lineno, &ttranslen);
- free (nestret);
-
/* If we're supposed to single-quote translated strings,
check whether the translated result is different from
the original and single-quote the string if it is. */
if (singlequote_translations &&
((nestlen - 1) != ttranslen || STREQN (nestret, ttrans,
ttranslen) == 0))
{
+ free (nestret);
if ((rflags & P_DQUOTE) == 0)
nestret = sh_single_quote (ttrans);
else if ((rflags & P_DQUOTE) && (dolbrace_state ==
DOLBRACE_QUOTE2) && (flags & P_DOLBRACE))
@@ -3923,7 +3922,10 @@ parse_matched_pair (int qc, int open, int
close, size_t *lenp, int flags)
nestret = sh_backslash_quote_for_double_quotes (ttrans, 0);
}
else
- nestret = sh_mkdoublequoted (ttrans, ttranslen, 0);
+ {
+ free (nestret);
+ nestret = sh_mkdoublequoted (ttrans, ttranslen, 0);
+ }
free (ttrans);
nestlen = strlen (nestret);
retind -= 2; /* back up before the $" */