From 68ab0dafa99f1941b3ebb47b7cf969381e7310f4 Mon Sep 17 00:00:00 2001
From: David Shea
Date: Tue, 24 May 2016 11:08:32 +0900
Subject: desktop: Fix invalid memory access
* gettext-tools/src/read-desktop.c (desktop_lex): Don't access memory deallocated with realloc(). Reported in: http://savannah.gnu.org/bugs/?47991
---
 gettext-tools/src/read-desktop.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/gettext-tools/src/read-desktop.c b/gettext-tools/src/read-desktop.c
index 417c08a..e505045 100644
--- a/gettext-tools/src/read-desktop.c
+++ b/gettext-tools/src/read-desktop.c
@@ -326,8 +326,9 @@ desktop_lex (token_ty *tp)
 case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': case '8': case '9':
 {
- const char *locale = NULL;
- const char *value = NULL;
+ size_t locale_start;
+ bool found_locale = false;
+ size_t value_start;
 for (;;)
 {
 APPEND (c);
@@ -353,7 +354,8 @@ desktop_lex (token_ty *tp)
 case '[':
 /* Finish the key part and start the locale part. */
 APPEND (0);
- locale = &buffer[bufpos];
+ found_locale = true;
+ locale_start = bufpos;
 for (;;)
 {
@@ -428,7 +430,7 @@ desktop_lex (token_ty *tp)
 break;
 }
- value = &buffer[bufpos];
+ value_start = bufpos;
 for (;;)
 {
 c = phase2_getc ();
@@ -439,8 +441,8 @@ desktop_lex (token_ty *tp)
 APPEND (0);
 tp->type = token_type_pair;
 tp->string = xmemdup (buffer, bufpos);
- tp->locale = locale;
- tp->value = value;
+ tp->locale = found_locale ? &buffer[locale_start] : NULL;
+ tp->value = &buffer[value_start];
 return;
 }
 default:
--
cgit v1.1
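Review bot: The new `locale_start`, `found_locale` and `value_start` declarations in the first hunk carry no comment explaining why offsets replace the old pointers, so a later cleanup could reintroduce a `&buffer[bufpos]` capture that goes stale. I would add `/* Offsets into buffer, not pointers: APPEND may move buffer via realloc().  */` above them; the realloc is presumably inside APPEND, which is not shown here. `locale_start` and `value_start` are also declared without initializers, and initializing them (`size_t locale_start = 0;`, `size_t value_start = 0;`) would keep any path that skips the assignments from building an address from an indeterminate offset. The enclosing case block starts and ends outside this hunk.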
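Review bot: In the last hunk `tp->locale` and `tp->value` are still set to addresses inside `buffer`, while `tp->string` gets its own copy from `xmemdup`, so the token's pointers live only as long as the lexer's scratch buffer. If `buffer` is reused or grown by a later `desktop_lex` call (its declaration is outside the hunk, so this is inferred), both fields dangle in the same way the removed pointers did. Pointing them into the copy would tie their lifetime to the token: `tp->locale = found_locale ? tp->string + locale_start : NULL;` and `tp->value = tp->string + value_start;`. This assumes `tp->string` is a `char *` and that callers never free `locale` or `value` separately, both of which should be checked against the `token_ty` definition.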