aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorCyrill Gorcunov <gorcunov@gmail.com>2020-08-18 11:25:14 +0300
committerCyrill Gorcunov <gorcunov@gmail.com>2020-08-18 11:27:03 +0300
commit7c88289e222dc5ef9f53f9e86ecaab1924744b88 (patch)
tree9498d7372a5e455e89bfd21483e7d2c551cd41cc
parent4268400c10c1a8e1f318d31c9704d8cbfe904454 (diff)
downloadnasm-7c88289e222dc5ef9f53f9e86ecaab1924744b88.tar.gz
nasm-7c88289e222dc5ef9f53f9e86ecaab1924744b88.tar.xz
nasm-7c88289e222dc5ef9f53f9e86ecaab1924744b88.zip
BR3392711: preproc: fix memory corruption in expand_one_smacro
The mempcpy helper returns *last* byte pointer thus when we call set_text_free we have to pass a pointer to the start of the string. Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
-rw-r--r--asm/preproc.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/asm/preproc.c b/asm/preproc.c
index b25f275e..3fa4e281 100644
--- a/asm/preproc.c
+++ b/asm/preproc.c
@@ -5612,7 +5612,7 @@ static SMacro *expand_one_smacro(Token ***tpp)
{
size_t mlen = strlen(m->name);
size_t len;
- char *p;
+ char *p, *from;
t->type = mstart->type;
if (t->type == TOK_LOCAL_MACRO) {
@@ -5625,15 +5625,15 @@ static SMacro *expand_one_smacro(Token ***tpp)
plen = pep - psp;
len = mlen + plen;
- p = nasm_malloc(len + 1);
+ from = p = nasm_malloc(len + 1);
p = mempcpy(p, psp, plen);
} else {
len = mlen;
- p = nasm_malloc(len + 1);
+ from = p = nasm_malloc(len + 1);
}
p = mempcpy(p, m->name, mlen);
*p = '\0';
- set_text_free(t, p, len);
+ set_text_free(t, from, len);
t->next = tline;
break;