[tz] [PROPOSED PATCH] zic fix storage-allocation bug with realloc
Paul Eggert
eggert at cs.ucla.edu
Sun Sep 4 08:10:19 UTC 2016
This bug was introduced in last month's Casablanca-in-2037 fix.
Problem found by valgrind.
* zic.c (outzone): Don't access freed storage.
---
zic.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/zic.c b/zic.c
index 1c91d5a..9c696c6 100644
--- a/zic.c
+++ b/zic.c
@@ -2290,7 +2290,7 @@ outzone(const struct zone *zpfirst, int zonecount)
register int compat;
register bool do_extend;
register char version;
- struct attype *lastatmax = NULL;
+ int lastatmax = -1;
max_abbr_len = 2 + max_format_len + max_abbrvar_len;
max_envvar_len = 2 * max_abbr_len + 5 * 9;
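Review bot: The new declaration `int lastatmax = -1;` has no comment saying that it is an index into attypes with -1 meaning "none", or why it is an index and not a pointer. I would add `/* Index in attypes of the latest transition from a rule with r_hiyear == ZIC_MAX, or -1; kept as an index because attypes can be reallocated. */` so that a later cleanup does not bring the dangling pointer back. The declaration of timecnt is not in this hunk; if it is wider than int, lastatmax should use the same type to avoid a narrowing assignment at `lastatmax = timecnt;`. outzone's body starts and ends outside the hunk.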
@@ -2524,8 +2524,9 @@ outzone(const struct zone *zpfirst, int zonecount)
type = addtype(offset, ab, rp->r_stdoff != 0,
rp->r_todisstd, rp->r_todisgmt);
if (rp->r_hiyear == ZIC_MAX
- && ! (lastatmax && ktime < lastatmax->at))
- lastatmax = &attypes[timecnt];
+ && ! (0 <= lastatmax
+ && ktime < attypes[lastatmax].at))
+ lastatmax = timecnt;
addtt(ktime, type);
}
}
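Review bot: `lastatmax = timecnt;` is stored before `addtt(ktime, type)` runs, so the index is right only if addtt writes the new entry at attypes[timecnt] and never lowers timecnt on the way. addtt is outside this hunk, so that cannot be checked here; if it has a path that resets timecnt, the later `attypes[lastatmax].at` read and the `attypes[lastatmax].dontmerge = true;` write in the third hunk would touch a stale or unused slot. The third hunk tests only the lower bound, and a defensive `if (0 <= lastatmax && lastatmax < timecnt)` there would turn such a case into a skipped flag rather than a stray heap write. A comment at the assignment stating the invariant, e.g. `/* addtt stores this entry at attypes[timecnt] */`, would also help.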
@@ -2557,8 +2558,8 @@ error(_("can't determine time zone abbreviation to use just after until time"));
starttime = tadd(starttime, -gmtoff);
}
}
- if (lastatmax)
- lastatmax->dontmerge = true;
+ if (0 <= lastatmax)
+ attypes[lastatmax].dontmerge = true;
if (do_extend) {
/*
** If we're extending the explicitly listed observations
--
2.7.4