review.tizen.org Git - platform/upstream/syslinux.git/commit

author	Matt Fleming <matt.fleming@intel.com>
	Wed, 7 Mar 2012 15:18:51 +0000 (15:18 +0000)
committer	Matt Fleming <matt.fleming@intel.com>
	Fri, 23 Mar 2012 16:56:16 +0000 (16:56 +0000)
commit	2fb06e3ff4cad75633c78f56f99b4b3e3652b633
tree	67152777af6c4fee41982b07b21e959a726fe254	tree \| snapshot
parent	db63acbdcd3603bbd42238dac19902ce00fe5d59	commit \| diff

ldlinux: Avoid initialised data memory corruption

We can't realloc() 'PATH' because realloc() may just extend the
malloc'd region if the adjacent region is free, as opposed to
allocating a new region and then copying the data. This behaviour is
fine in most circumstances but not with initialised string data, such
as 'PATH'. The reason is that other string data pointers may point to
characters in 'PATH' and if we modify it after realloc()'ing, we'll
appear to corrupt unrelated string data.

For example, the string "/" is used in chdir() and the address of that
string is the last "/" in 'PATH'. If we realloc() and then append
"foo" to 'PATH' the string pointer in chdir() will now point to "/foo".

Initialise 'PATH' at runtime using malloc() and free() to avoid
corrupting string data.

Signed-off-by: Matt Fleming <matt.fleming@intel.com>

com32/elflink/ldlinux/readconfig.c		diff \| blob \| history
core/elflink/load_env32.c		diff \| blob \| history
core/fs/fs.c		diff \| blob \| history
core/include/fs.h		diff \| blob \| history