author Peter Wu <lekensteyn@gmail.com> 2013-09-26 00:55:57 +0200
committer Petr Machata <pmachata@redhat.com> 2013-09-26 13:43:36 +0200
commit cae76962c7e0ec6119952addb36d1cf8d19f5228 (patch)
tree 6b6cbf9d55dd6c970f5ee0468b886bea0b2405e9 /printf.c
parent 594ef6824f4b08adff9b67f1481030a81dbf3bf7 (diff)
download ltrace-cae76962c7e0ec6119952addb36d1cf8d19f5228.tar.gz
Prevent freeing static-alloc'd memory for %p and %n in printf
The following code caused ltrace 0.7.3-1 to crash on Arch Linux because
an invalid pointer was passed to free():

    printf("%p", &whatever);

In printf.c, the elt_info pointer was always a statically allocated
memory address from type_get_simple():

    115   if (format_type == ARGTYPE_ARRAY || format_type == ARGTYPE_POINTER)
    116           elt_info = type_get_simple(elt_type);

Therefore, do not assert that the caller form_next_param owns the
elt_info pointer.

Originally reported at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724253

Signed-off-by: Peter Wu <lekensteyn@gmail.com>
Diffstat (limited to 'printf.c')
-rw-r--r-- printf.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/printf.c b/printf.c
index 9051d71..52b212c 100644
--- a/printf.c
+++ b/printf.c
@@ -168,7 +168,7 @@ form_next_param(struct param_enum *self,
type_init_pointer(infop, array, 1);
} else if (format_type == ARGTYPE_POINTER) {
- type_init_pointer(infop, elt_info, 1);
+ type_init_pointer(infop, elt_info, 0);
} else {
*infop = *type_get_simple(format_type);
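Review bot: The bare 0 on the changed type_init_pointer(infop, elt_info, 0) line is the entire fix, yet nothing at the call site records why ownership must not be claimed here. A short comment such as "elt_info comes from type_get_simple() and is static, so it must never be freed" would stop a later cleanup from flipping it back to 1 and reintroducing the invalid free(). The array branch directly above still passes 1 for array, and the commit message says elt_info is taken from type_get_simple() for ARGTYPE_ARRAY as well; the initialization of array is outside this hunk, so please confirm it does not mark the same static elt_info as owned. The subject line also names %n, while the only branch touched here is ARGTYPE_POINTER; a regression test that traces both printf("%p", ...) and a %n format would show that both reach this path and no longer crash on teardown.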