use-after-free in read_token_word
From: Grisha Levit
Subject: use-after-free in read_token_word
Date: Wed, 15 Mar 2023 17:30:53 -0400
./bash --norc -O noexpand_translation -in <<<'$":"'
=ERROR: AddressSanitizer: heap-use-after-free on address 0x000108102b40
READ of size 1 thread T0
#0 read_token_word parse.y:5236
#1 read_token parse.y:3618
freed by thread T0 here:
#1 read_token_word parse.y:5231
#2 read_token parse.y:3618
diff --git a/parse.y b/parse.y
index e3516e2d..0a8c039a 100644
--- a/parse.y
+++ b/parse.y
@@ -5228,15 +5228,19 @@ read_token_word (int character)
/* PST_NOEXPAND */
/* Try to locale-expand the converted string. */
ttrans = locale_expand (ttok, 0, ttoklen - 1, first_line, &ttranslen);
- free (ttok);
-
/* Add the double quotes back (or single quotes if the user
has set that option). */
if (singlequote_translations &&
((ttoklen - 1) != ttranslen || STREQN (ttok, ttrans, ttranslen) == 0))
- ttok = sh_single_quote (ttrans);
+ {
+ free (ttok);
+ ttok = sh_single_quote (ttrans);
+ }
else
- ttok = sh_mkdoublequoted (ttrans, ttranslen, 0);
+ {
+ free (ttok);
+ ttok = sh_mkdoublequoted (ttrans, ttranslen, 0);
+ }
free (ttrans);
ttrans = ttok;
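Review bot: free (ttok) now appears in both arms of the if/else, and nothing in the hunk records why it had to move below the condition. The STREQN (ttok, ttrans, ttranslen) comparison in that condition still reads ttok, so the free has to stay after it; a short comment above the condition saying so would keep a later cleanup from hoisting the free back up. To drop the duplication, each arm could assign its result to a temporary, with a single free (ttok) and the assignment to ttok placed after the if/else, ahead of the existing free (ttrans).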