author | Michael Vogt <mvo@ubuntu.com> | 2014-09-02 17:06:52 +0200 |
---|---|---|
committer | Michael Vogt <mvo@ubuntu.com> | 2014-09-02 17:25:35 +0200 |
commit | 097248092ea4ff4543dfb17deb4e0d31dd697c71 (patch) | |
tree | e6af763c1fe68a76960c92473a120edc13b101b4 | |
parent | cbcdd3ee9d86379d1b3a44e41ae8b17dc23111d0 (diff) |
Use heap to allocate PatternMatch to avoid potential stack overflow
When apt-cache search is given many args (> 130), the allocation
of PatternMatch on the stack may fail, resulting in a segmentation
fault. By using the heap the max size is much bigger and we also
get a bad_alloc exception instead of a segfault (which we can catch
*if* this ever becomes a practical problem). No test for the crash
as it's not reproducible with the MALLOC_ settings in framework.
Closes: 759612
-rw-r--r-- | cmdline/apt-cache.cc | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/cmdline/apt-cache.cc b/cmdline/apt-cache.cc
index 1414617eb..ac0d48a36 100644
--- a/cmdline/apt-cache.cc
+++ b/cmdline/apt-cache.cc
@@ -1278,8 +1278,8 @@ static bool Search(CommandLine &CmdL)
 ExDescFile *DFList = new ExDescFile[descCount];
 memset(DFList,0,sizeof(*DFList) * descCount);
- bool PatternMatch[descCount * NumPatterns];
- memset(PatternMatch,false,sizeof(PatternMatch));
+ bool *PatternMatch = new bool[descCount * NumPatterns];
+ memset(PatternMatch,false,sizeof(*PatternMatch) * descCount * NumPatterns);
 // Map versions that we want to write out onto the VerList array.
 for (pkgCache::GrpIterator G = Cache->GrpBegin(); G.end() == false; ++G)
@@ -1389,6 +1389,7 @@ static bool Search(CommandLine &CmdL)
 }
 delete [] DFList;
+ delete [] PatternMatch;
 for (unsigned I = 0; I != NumPatterns; I++) regfree(&Patterns[I]);
 if (ferror(stdout)) |
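Review bot: The element count given to `new bool[...]` and the byte count given to `memset` in the first hunk are computed in different types: `descCount * NumPatterns` is evaluated in the operands' own type, while `sizeof(*PatternMatch) * descCount * NumPatterns` is evaluated in `size_t`. Both declarations are outside the hunk, but the `unsigned I` loop over `NumPatterns` in the second hunk suggests a 32-bit type; if that product ever wraps, the buffer is smaller than the region `memset` clears, which is a heap overwrite rather than the `bad_alloc` the description expects. Compute the count once and reuse it: `size_t const MatchCount = static_cast<size_t>(descCount) * NumPatterns;`, then `new bool[MatchCount]` and `memset(PatternMatch,false,sizeof(*PatternMatch) * MatchCount);`. Any later index into PatternMatch that is formed as a 32-bit product would need the same widening, which cannot be checked from the visible lines.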
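Review bot: `delete [] PatternMatch;` in the second hunk is reached only when control falls through to the end of Search(), so an early return or an exception between the two hunks would leak both arrays; that part of the body is outside the hunk and should be checked. The description mentions catching `bad_alloc` later: thrown by the second `new[]`, it would skip `delete [] DFList;` and the `regfree` loop as well. If the manual pairing stays, I would add a comment above these lines, `// DFList and PatternMatch are owned by Search(); every exit path above must release both.`, or move both buffers into an owning container so the cleanup cannot be missed.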