gbdev/rgbds
1
0
Fork 0
mirror of https://github.com/gbdev/rgbds.git synced 2025-11-20 10:12:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix use-after-free with include in linker scripts

Browse Source 
Fixes #510, and further proves that you *really* should not entrust memory
ownership management to humans :P
This commit is contained in:
ISSOtm
2020-04-13 02:36:07 +02:00
parent 023a3c037f
commit 2220f19fa7
3 changed files with 11 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
include/link/main.h
View File

@@ -18,7 +18,7 @@
/* Variables related to CLI options */
extern bool isDmgMode;
extern char const *linkerScriptName;
extern char *linkerScriptName;
extern char const *mapFileName;
extern char const *symFileName;
extern char const *overlayFileName;

2
src/link/main.c
View File

@@ -25,7 +25,7 @@
#include "version.h"
bool isDmgMode; /* -d */
char const *linkerScriptName; /* -l */
char *linkerScriptName; /* -l */
char const *mapFileName; /* -m */
char const *symFileName; /* -n */
char const *overlayFileName; /* -O */

13
src/link/script.c
View File

@@ -19,19 +19,20 @@
#include "extern/err.h"
FILE * linkerScript;
char *includeFileName;
static uint32_t lineNo;
static struct {
FILE *file;
uint32_t lineNo;
char const *name;
char *name;
} *fileStack;
static uint32_t fileStackSize;
static uint32_t fileStackIndex;
static void pushFile(char const *newFileName)
static void pushFile(char *newFileName)
{
if (fileStackIndex == UINT32_MAX)
errx(1, "%s(%u): INCLUDE recursion limit reached",
@@ -66,6 +67,8 @@ static bool popFile(void)
if (!fileStackIndex)
return false;
free(linkerScriptName);
fileStackIndex--;
linkerScript = fileStack[fileStackIndex].file;
lineNo = fileStack[fileStackIndex].lineNo;
@@ -179,7 +182,7 @@ static int readChar(FILE *file)
return curchar;
}
static struct LinkerScriptToken const *nextToken(void)
static struct LinkerScriptToken *nextToken(void)
{
static struct LinkerScriptToken token;
int curchar;
@@ -368,7 +371,7 @@ struct SectionPlacement *script_NextSection(void)
}
for (;;) {
struct LinkerScriptToken const *token = nextToken();
struct LinkerScriptToken *token = nextToken();
enum LinkerScriptTokenType tokType;
union LinkerScriptTokenAttr attr;
bool hasArg;
@@ -498,6 +501,8 @@ struct SectionPlacement *script_NextSection(void)
/* Switch to that file */
pushFile(token->attr.string);
/* The file stack took ownership of the string */
token->attr.string = NULL;
parserState = PARSER_LINESTART;
break;