bug-make
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [bug #64551] Possible null pointer dereference on the function get_b

From: Haoxin Tu
Subject: Re: [bug #64551] Possible null pointer dereference on the function get_buffer
Date: Sun, 21 Jan 2024 23:59:19 +0800
Hi Martin and Paul,

Thanks for your detailed explanation. I have no further concerns now.

Have a great day ahead!

Best regards,
Haoxin

Paul Smith <psmith@gnu.org> 于2024年1月21日周日 23:24写道:
On Sun, 2024-01-21 at 12:00 +0800, Haoxin Tu wrote:
> May I know if you are planning to propose a fix for it? I checked the
> implementations of other `make` versions a bit further, and as far as
> I can tell, the issue exists from the older make-4.0.90 (2014-9-30)
> to the newest version of make (make-4.4.0.91).

That's incorrect.  As Martin explained, and I mentioned in my replies,
this issue was resolved back in 2017 and the fix is available starting
in GNU Make 4.3 and above.

In that release, the OUT_OF_MEMORY() macro has been replaced with an
out_of_memory() function call, and neither that function nor any
function it calls will try to allocate memory and so it cannot have the
same behavior as the older code.

In the current release, out-of-memory failures write a static buffer to
a file descriptor then exit, without returning or trying to allocate
more memory.

Here is the relevant code from the current GNU Make 4.4.1 release:

https://git.savannah.gnu.org/cgit/make.git/tree/src/misc.c?h=4.4.1#n288
https://git.savannah.gnu.org/cgit/make.git/tree/src/output.c?h=4.4.1#n532
https://git.savannah.gnu.org/cgit/make.git/tree/src/misc.c?h=4.4.1#n426


As an aside, all the versions of GNU Make that end in ".9x" such as the
ones you refer to above, 4.0.90 and 4.4.0.91, are beta or release
candidate releases.  They are not fit for production use.  Any release
which is made available on the https://alpha.gnu.org/gnu/ site is a
pre-release and should only be used for testing the release.

You should only use releases with non-".9x" versions.  You can find
these releases at the official site https://ftp.gnu.org/gnu/ and they
are announced at https://savannah.gnu.org/projects/make/

--
Paul D. Smith <psmith@gnu.org>            Find some GNU make tips at:
https://www.gnu.org                       http://make.mad-scientist.net
"Please remain calm...I may be mad, but I am a professional." --Mad
Scientist
reply via email to
[Prev in Thread] Current Thread [Next in Thread]