From: Peter Johnson Date: Fri, 1 Jun 2007 19:39:29 +0000 (-0000) Subject: Fix use-after-free in linemap_poke. The first yasm_linemap_set call can X-Git-Tag: v0.6.1~1^2~5 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=951a6df0263aea89107a58fd697ec58aa01a1642;p=yasm Fix use-after-free in linemap_poke. The first yasm_linemap_set call can realloc linemap->map->vector, invalidating the mapping pointer. Found by: zzuf+valgrind svn path=/trunk/yasm/; revision=1866 --- diff --git a/libyasm/linemap.c b/libyasm/linemap.c index befd9acf..e2ff9300 100644 --- a/libyasm/linemap.c +++ b/libyasm/linemap.c @@ -131,11 +131,13 @@ yasm_linemap_poke(yasm_linemap *linemap, const char *filename, unsigned long file_line) { unsigned long line; - line_mapping *mapping = &linemap->map->vector[linemap->map->size-1]; + line_mapping *mapping; linemap->current++; yasm_linemap_set(linemap, filename, file_line, 0); + mapping = &linemap->map->vector[linemap->map->size-1]; + line = linemap->current; linemap->current++;
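Review bot: The added `mapping = &linemap->map->vector[linemap->map->size-1];` evaluates `size-1` after `yasm_linemap_set` has run, so if that call appended an entry (the same growth that can trigger the realloc), `mapping` now refers to the newly added element instead of the pre-call last element that the removed initializer selected. If the code following the second `linemap->current++` depends on the earlier mapping, record `linemap->map->size-1` in a local index before the call, or copy the needed fields by value, and re-derive the pointer from that saved index afterwards. A short comment at the assignment stating that the pointer must not be taken before `yasm_linemap_set`, because the vector may be reallocated, would help keep the ordering from being reverted later.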