diff --git a/Changes b/Changes index 967eb71..7c5e228 100644 --- a/Changes +++ b/Changes @@ -6,6 +6,8 @@ Release ... shows the beginning of a line that does not fit onto the screen in its entirety. * Viewing executables and compressed files is no longer inhibited. +* A bug in the supplied realloc() replacement could result in heap + corruption. (No resulting failures have been observed with ex so far.) Release 3/25/05 * vi no longer dies with a segmentation fault if a line does not fit on the diff --git a/ex_version.c b/ex_version.c index 43b68c7..f854692 100644 --- a/ex_version.c +++ b/ex_version.c @@ -70,12 +70,12 @@ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * Sccsid @(#)ex_version.c 1.144 (gritter) 8/6/05 + * Sccsid @(#)ex_version.c 1.145 (gritter) 8/18/05 */ #include "ex.h" -static char *versionstring = "@(#)Version 4.0 (gritter) 8/6/05"; +static char *versionstring = "@(#)Version 4.0 (gritter) 8/18/05"; void printver(void) @@ -127,6 +127,6 @@ ex_vput.c:static char sccsid[] = "@(#)ex_vput.c 1.51 (gritter) 8/6/05"; ex_vwind.c:static char sccsid[] = "@(#)ex_vwind.c 1.9 (gritter) 11/23/04"; expreserve.c:static char sccsid[] UNUSED = "@(#)expreserve.c 1.23 (gritter) 11/27/04"; exrecover.c:static char sccsid[] UNUSED = "@(#)exrecover.c 1.22 (gritter) 8/4/05"; -mapmalloc.c: * Sccsid @(#)mapmalloc.c 1.6 (gritter) 6/19/05 +mapmalloc.c: * Sccsid @(#)mapmalloc.c 1.7 (gritter) 8/18/05 printf.c:static char sccsid[] = "@(#)printf.c 1.15 (gritter) 12/1/04"; */ diff --git a/mapmalloc.c b/mapmalloc.c index 3bd4fcb..5869ca3 100644 --- a/mapmalloc.c +++ b/mapmalloc.c @@ -1,8 +1,7 @@ /* * AT&T Unix 7th Edition memory allocation routines. * - * Modified for ex by Gunnar Ritter, Freiburg i. Br., Germany, - * February 2005. + * Modified by Gunnar Ritter, Freiburg i. Br., Germany, February 2005. * * Copyright(C) Caldera International Inc. 2001-2002. All rights reserved. * 
@@ -36,7 +35,7 @@ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * Sccsid @(#)mapmalloc.c 1.6 (gritter) 6/19/05 + * Sccsid @(#)mapmalloc.c 1.7 (gritter) 8/18/05 */ #ifdef VMUNIX @@ -201,8 +200,8 @@ map(void *addr, size_t len) return(mmap(addr,len,PROT_READ|PROT_WRITE,flags,fd,0)); } -void * -malloc(size_t nbytes) +static void * +mallock(size_t nbytes, union store *start, union store *end) { register union store *p, *q; struct pool *o; @@ -240,7 +239,9 @@ first: if(allocs[0].ptr==0) { /*first time for this pool*/ if (ua) allocp = p->ptr; } - if(q>=p+nw && p+nw>=p) + if(q>=p+nw && p+nw>=p && (start==NULL || + p+nwend || + p+2==start)) goto found; } q = p; @@ -303,6 +304,12 @@ found: return(p+2); } +void * +malloc(size_t nbytes) +{ + return mallock(nbytes, NULL, NULL); +} + /* freeing strategy tuned for LIFO allocation */ void @@ -350,7 +357,7 @@ realloc(void *ap, size_t nbytes) free(p); onw = p[-2].ptr - p; o = p[-1].pool; - q = malloc(nbytes); + q = mallock(nbytes, p, &p[onw]); if(q==NULL || q==p) return(q); s = p;
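Review bot: The new `mallock(nbytes, start, end)` in the `@@ -201,8 +200,8 @@` hunk has no comment saying what `start` and `end` mean; the only hint is the call in realloc(). I would add above it something like `/* As malloc(), but never returns a block overlapping start..end unless the returned pointer equals start; start==NULL disables the check. */`, with the exact inclusive or exclusive ends confirmed against the condition in the next hunk. The name is also one letter away from `malloc` and easy to misread at a call site, so a more descriptive static name would help. The function body continues outside this hunk.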
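Review bot: The extended test in the `@@ -240,7 +239,9 @@` hunk keeps `p+nw>=p` as its overflow guard, but forming `p+nw` beyond the arena is undefined behaviour. An optimising compiler may treat that comparison as always true, which would let an oversized request past the check meant to stop it. Comparing sizes instead of pointers avoids this, e.g. replace `q>=p+nw && p+nw>=p` with `(size_t)(q-p)>=nw`, assuming `q` is never below `p` here and `nw` is an unsigned word count (both are declared outside the hunk). As shown on this page the middle clause of the added range test reads `p+nwend`, which appears to have lost characters in rendering, so the bounds comparison itself cannot be checked from here.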
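Review bot: realloc() in the `@@ -350,7 +357,7 @@` hunk still calls `free(p)` before the old contents are copied, so the copy is only safe if `mallock()` leaves `p` up to `&p[onw]` untouched. That dependency deserves a comment at the call, e.g. `/* block is already freed; old data must stay intact until copied below */`. The protected range starts at the user pointer `p`, while the block header sits at `p[-2]`/`p[-1]`. If mallock() writes a remainder header at the end of a block that stops just short of `p`, it is worth confirming from the `found:` code (outside this hunk) that such a header cannot spill into `p[0]`. realloc()'s body starts and ends outside the hunk.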