nsh/alias: Fix compiler warning #1877

Merged: xiaoxiang781216 merged 1 commit into apache:master from wengzhe:master on Aug 1, 2023
wengzhe (Contributor) commented Aug 1, 2023

Summary

Got a use-after-free warning under GCC 12 with the `-O3` option, and I found that `nsh_strcat` may realloc `ptr`, and then `cmdline` may point to invalid memory.

Letting `cmdline` point to the reallocated `ptr` may solve the problem. Tested by `alias ll='ls -l'` and `ll /` on sim.

GCC output:

```
CC:  binfmt_unloadmodule.c In function 'nsh_aliasexpand',
    inlined from 'nsh_argument' at nsh_parse.c:1879:20:
nsh_parse.c:1196:23: error: pointer 'ptr' used after 'realloc' [-Werror=use-after-free]
 1196 |               ptr     = cmdline + len;
      |               ~~~~~~~~^~~~~~~~~~~~~~~
In function 'nsh_strcat',
    inlined from 'nsh_aliasexpand' at nsh_parse.c:1190:21,
    inlined from 'nsh_argument' at nsh_parse.c:1879:20:
nsh_parse.c:1100:27: note: call to 'realloc' here
 1100 |   argument  = (FAR char *)realloc(s1, allocsize);
      |                           ^~~~~~~~~~~~~~~~~~~~~~
```

Impact

nsh alias

Testing

Tested by `alias ll='ls -l'` and `ll /` on sim.

Got a use-after-free warning under GCC 12 with the `-O3` option, and I found
that `nsh_strcat` may realloc `ptr`, and then `cmdline` may point to invalid
memory.

Letting `cmdline` point to the reallocated `ptr` may solve the problem.
Tested by `alias ll='ls -l'` and `ll /` on sim.

GCC output:

```
CC:  binfmt_unloadmodule.c In function 'nsh_aliasexpand',
    inlined from 'nsh_argument' at nsh_parse.c:1879:20:
nsh_parse.c:1196:23: error: pointer 'ptr' used after 'realloc' [-Werror=use-after-free]
 1196 |               ptr     = cmdline + len;
      |               ~~~~~~~~^~~~~~~~~~~~~~~
In function 'nsh_strcat',
    inlined from 'nsh_aliasexpand' at nsh_parse.c:1190:21,
    inlined from 'nsh_argument' at nsh_parse.c:1879:20:
nsh_parse.c:1100:27: note: call to 'realloc' here
 1100 |   argument  = (FAR char *)realloc(s1, allocsize);
      |                           ^~~~~~~~~~~~~~~~~~~~~~
```

Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
xiaoxiang781216 merged commit 396ab2e into apache:master on Aug 1, 2023
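
The stale-pointer pattern this pull request describes, as an added example that is not NuttX code and not part of the original conversation: `str_append`, `expand_alias`, the alias table and the `DEMO_STALE_POINTER` switch are hypothetical names. The default build re-seats `cmdline` on the pointer returned by the realloc-based helper before deriving an interior pointer from it; defining `DEMO_STALE_POINTER` keeps the defective form for inspection under compiler diagnostics or AddressSanitizer.

```c
/* Added illustration, not NuttX source; all names are hypothetical. */
#include <stdlib.h>
#include <string.h>

/* Constructed alias table; the entry mirrors the PR's `alias ll='ls -l'`. */
struct alias { const char *name; const char *value; };
static const struct alias g_aliases[] = { { "ll", "ls -l" } };

/* Append s2 to heap string s1 via realloc. On success the block may have
 * moved, so only the returned pointer is valid; on failure s1 is untouched. */
static char *str_append(char *s1, const char *s2)
{
  size_t len1 = strlen(s1);
  size_t len2 = strlen(s2);
  char *out = realloc(s1, len1 + len2 + 1);
  if (out != NULL)
    memcpy(out + len1, s2, len2 + 1);
  return out;
}

/* Expand the leading alias word of `line`. Returns a new heap string and
 * stores in *args a pointer to the argument text inside it; returns NULL if
 * the first word is not an alias or an allocation fails. */
char *expand_alias(const char *line, char **args)
{
  size_t wlen = strcspn(line, " ");
  for (size_t i = 0; i < sizeof(g_aliases) / sizeof(g_aliases[0]); i++)
    {
      const struct alias *a = &g_aliases[i];
      if (strlen(a->name) != wlen || strncmp(a->name, line, wlen) != 0)
        continue;
      size_t len = strlen(a->value);
      char *cmdline = malloc(len + 1);
      if (cmdline == NULL)
        return NULL;
      memcpy(cmdline, a->value, len + 1);
      char *ptr = str_append(cmdline, line + wlen);  /* may move the block */
      if (ptr == NULL) { free(cmdline); return NULL; }
#ifdef DEMO_STALE_POINTER
      *args = cmdline + len;  /* defect: cmdline may name a freed block */
#else
      cmdline = ptr;          /* re-seat the alias on the live block */
      *args = cmdline + len;  /* interior pointer derived from live base */
#endif
      return ptr;
    }
  return NULL;
}
```

Storing the offset (`len`) and re-deriving the interior pointer after every call that can reallocate avoids depending on whether the allocator happened to move the block.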