[BZ #14277]

author Jeff Law <law@redhat.com>

Thu, 21 Jun 2012 23:15:38 +0000 (17:15 -0600)

committer Jeff Law <law@redhat.com>

Thu, 21 Jun 2012 23:15:38 +0000 (17:15 -0600)
author Jeff Law <law@redhat.com>
Thu, 21 Jun 2012 23:15:38 +0000 (17:15 -0600)
committer Jeff Law <law@redhat.com>
Thu, 21 Jun 2012 23:15:38 +0000 (17:15 -0600)
diff --git a/ChangeLog b/ChangeLog

index f9ccbe6..6f3676f 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2012-06-21  Jeff Law  <law@redhat.com>
+
+       [BZ #14277]
+       * intl/dcigettext.c (_nl_find_msg): Avoid use after potential
+       free.  Simplify list management for _LIBC case.
+
  2012-06-21  Joseph Myers  <joseph@codesourcery.com>
  
         [BZ #14273]
diff --git a/NEWS b/NEWS

index 8797a6b..1ce8ee3 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -30,7 +30,7 @@ Version 2.16
    13983, 13986, 13996, 14012, 14027, 14033, 14034, 14036, 14040, 14043,
    14044, 14048, 14049, 14050, 14053, 14055, 14059, 14064, 14075, 14080,
    14083, 14103, 14104, 14109, 14112, 14117, 14122, 14123, 14134, 14153,
-  14183, 14188, 14199, 14210, 14218, 14229, 14241, 14273, 14278
+  14183, 14188, 14199, 14210, 14218, 14229, 14241, 14273, 14277, 14278
  
  * Support for the x32 ABI on x86-64 added.  The x32 target is selected by
    configuring glibc with:
diff --git a/intl/dcigettext.c b/intl/dcigettext.c

index f6b7573..fcd1c78 100644 (file)
--- a/intl/dcigettext.c
+++ b/intl/dcigettext.c
@@ -1155,7 +1155,7 @@ _nl_find_msg (domain_file, domainbinding, msgid, convert, lengthp)
                                                              freemem_size);
  # ifdef _LIBC
                       if (newmem != NULL)
-                       transmem_list = transmem_list->next;
+                       transmem_list = newmem;
                       else
                         {
                           struct transmem_list *old = transmem_list;
@@ -1170,6 +1170,12 @@ _nl_find_msg (domain_file, domainbinding, msgid, convert, lengthp)
                       malloc_count = 1;
                       freemem_size = INITIAL_BLOCK_SIZE;
                       newmem = (transmem_block_t *) malloc (freemem_size);
+# ifdef _LIBC
+                     /* Add the block to the list of blocks we have to free
+                        at some point.  */
+                     newmem->next = transmem_list;
+                     transmem_list = newmem;
+# endif
                     }
                   if (__builtin_expect (newmem == NULL, 0))
                     {
@@ -1180,11 +1186,6 @@ _nl_find_msg (domain_file, domainbinding, msgid, convert, lengthp)
                     }
  
  # ifdef _LIBC
-                 /* Add the block to the list of blocks we have to free
-                    at some point.  */
-                 newmem->next = transmem_list;
-                 transmem_list = newmem;
-
                   freemem = (unsigned char *) newmem->data;
                   freemem_size -= offsetof (struct transmem_list, data);
  # else
author	Jeff Law <law@redhat.com>
	Thu, 21 Jun 2012 23:15:38 +0000 (17:15 -0600)
committer	Jeff Law <law@redhat.com>
	Thu, 21 Jun 2012 23:15:38 +0000 (17:15 -0600)
ChangeLog		patch \| blob \| history
NEWS		patch \| blob \| history
intl/dcigettext.c		patch \| blob \| history