aboutsummaryrefslogtreecommitdiffstats
path: root/erts
diff options
context:
space:
mode:
authorBenedikt Reinartz <[email protected]>2018-05-24 09:59:47 +0200
committerGitHub <[email protected]>2018-05-24 09:59:47 +0200
commit35fb6f2e11db0454c634772137f748dc81bcca63 (patch)
treee482b0a494d484e6aa7cd8553f33bf167247d6fe /erts
parent20970abd567cf577d31f97a2396985174cae15b7 (diff)
downloadotp-35fb6f2e11db0454c634772137f748dc81bcca63.tar.gz
otp-35fb6f2e11db0454c634772137f748dc81bcca63.tar.bz2
otp-35fb6f2e11db0454c634772137f748dc81bcca63.zip
Fix use-after-free on Windows in escript
Since commit 385b18de6fd72672ed7d6736b30f56d6691d4433, the emulator path was not copied anymore before pushing it to the args vector (before it was done within the `push_words` function. Since on Windows `free_env_val` is not a NOP as it is on Unix systems, the string is freed and afterwards used, leading to strange errors like this: escript: Error executing 'àyI': 2 This is fixed by removing the `free_env_val` call.
Diffstat (limited to 'erts')
-rw-r--r--erts/etc/common/escript.c13
1 files changed, 1 insertions, 12 deletions
diff --git a/erts/etc/common/escript.c b/erts/etc/common/escript.c
index d739d21f12..c84e63ad7c 100644
--- a/erts/etc/common/escript.c
+++ b/erts/etc/common/escript.c
@@ -139,15 +139,6 @@ get_env(char *key)
}
static void
-free_env_val(char *value)
-{
-#ifdef __WIN32__
- if (value)
- efree(value);
-#endif
-}
-
-static void
set_env(char *key, char *value)
{
#ifdef __WIN32__
@@ -422,7 +413,6 @@ main(int argc, char** argv)
int eargv_size;
int eargc_base; /* How many arguments in the base of eargv. */
char* emulator;
- char* env;
char* basename;
char* def_emu_lookup_path;
char scriptname[PMAX];
@@ -504,7 +494,7 @@ main(int argc, char** argv)
}
/* Determine path to emulator */
- emulator = env = get_env("ESCRIPT_EMULATOR");
+ emulator = get_env("ESCRIPT_EMULATOR");
if (emulator == NULL) {
emulator = get_default_emulator(def_emu_lookup_path);
@@ -518,7 +508,6 @@ main(int argc, char** argv)
*/
PUSH(emulator);
- free_env_val(env);
PUSH("+B");
PUSH2("-boot", "no_dot_erlang");