diff options
| -rw-r--r-- | ChangeLog | 4 | ||||
| -rw-r--r-- | src/eval.c | 3 | ||||
| -rw-r--r-- | src/histedit.c | 3 |
3 files changed, 8 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog index f161a13..a56fc5e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2014-10-02 Herbert Xu <herbert@gondor.apana.org.au> + + * Fix use-after-free in dotrap/evalstring. + 2014-09-29 Herbert Xu <herbert@gondor.apana.org.au> * Kill pgetc_macro. diff --git a/src/eval.c b/src/eval.c index c7358a6..3cfa1e5 100644 --- a/src/eval.c +++ b/src/eval.c @@ -160,6 +160,7 @@ evalstring(char *s, int flags) struct stackmark smark; int status; + s = sstrdup(s); setinputstring(s); setstackmark(&smark); @@ -171,7 +172,9 @@ evalstring(char *s, int flags) if (evalskip) break; } + popstackmark(&smark); popfile(); + stunalloc(s); return status; } diff --git a/src/histedit.c b/src/histedit.c index b27d629..94465d7 100644 --- a/src/histedit.c +++ b/src/histedit.c @@ -372,8 +372,7 @@ histcmd(int argc, char **argv) out2str(s); } - evalstring(strcpy(stalloc(strlen(s) + 1), s), - 0); + evalstring(s, 0); if (displayhist && hist) { /* * XXX what about recursive and |