Fix use-after-free in linemap_poke. The first yasm_linemap_set call can
authorPeter Johnson <peter@tortall.net>
Fri, 1 Jun 2007 19:39:29 +0000 (19:39 -0000)
committerPeter Johnson <peter@tortall.net>
Fri, 1 Jun 2007 19:39:29 +0000 (19:39 -0000)
realloc linemap->map->vector, invalidating the mapping pointer.

Found by: zzuf+valgrind

svn path=/trunk/yasm/; revision=1866

libyasm/linemap.c

index befd9acfd2b5ba87e69c21df90d0867e0c60929e..e2ff93005fb706ed28d7e907acd4592722e23f38 100644 (file)
@@ -131,11 +131,13 @@ yasm_linemap_poke(yasm_linemap *linemap, const char *filename,
                   unsigned long file_line)
 {
     unsigned long line;
-    line_mapping *mapping = &linemap->map->vector[linemap->map->size-1];
+    line_mapping *mapping;
 
     linemap->current++;
     yasm_linemap_set(linemap, filename, file_line, 0);
 
+    mapping = &linemap->map->vector[linemap->map->size-1];
+
     line = linemap->current;
 
     linemap->current++;
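Review bot: Taking `size-1` after the first `yasm_linemap_set` call may select a different element than the removed initializer did. The commit message says that call can realloc the vector, which suggests it appends an entry; if so, `mapping` now points at the entry just added for `filename`, not the mapping that was last before the poke. If the code after this hunk uses `mapping` to restore the previous file and line, record the index before the call with `prev = linemap->map->size-1;` and re-derive the pointer afterwards with `mapping = &linemap->map->vector[prev];`. A comment such as `/* yasm_linemap_set may realloc map->vector; do not hold element pointers across it */` would keep the hazard visible for later edits. The function body continues past the end of the hunk, so the later use of `mapping` is not visible here and should be checked against this.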