From 35fb6f2e11db0454c634772137f748dc81bcca63 Mon Sep 17 00:00:00 2001
From: Benedikt Reinartz
Date: Thu, 24 May 2018 09:59:47 +0200
Subject: Fix use-after-free on Windows in escript
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Since commit 385b18de6fd72672ed7d6736b30f56d6691d4433, the emulator path was not copied anymore before pushing it to the args vector (before it was done within the `push_words` function. Since on Windows `free_env_val` is not a NOP as it is on Unix systems, the string is freed and afterwards used, leading to strange errors like this:

escript: Error executing 'àyI': 2

This is fixed by removing the `free_env_val` call.
---
 erts/etc/common/escript.c | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)
(limited to 'erts/etc/common')
diff --git a/erts/etc/common/escript.c b/erts/etc/common/escript.c
index d739d21f12..c84e63ad7c 100644
--- erts/etc/common/escript.c
+++ erts/etc/common/escript.c
@@ -138,15 +138,6 @@ get_env(char *key)
 #endif
 }
-static void
-free_env_val(char *value)
-{
-#ifdef __WIN32__
- if (value)
- efree(value);
-#endif
-}
-
 static void
 set_env(char *key, char *value)
 {
@@ -422,7 +413,6 @@ main(int argc, char** argv)
 int eargv_size;
 int eargc_base; /* How many arguments in the base of eargv. */
 char* emulator;
- char* env;
 char* basename;
 char* def_emu_lookup_path;
 char scriptname[PMAX];
@@ -504,7 +494,7 @@ main(int argc, char** argv)
 }
 /* Determine path to emulator */
- emulator = env = get_env("ESCRIPT_EMULATOR");
+ emulator = get_env("ESCRIPT_EMULATOR");
 if (emulator == NULL) {
 emulator = get_default_emulator(def_emu_lookup_path);
@@ -518,7 +508,6 @@ main(int argc, char** argv)
 */
 PUSH(emulator);
- free_env_val(env);
 PUSH("+B");
 PUSH2("-boot", "no_dot_erlang");
-- 
cgit v1.2.3
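Review bot: In the third hunk, at `emulator = get_env("ESCRIPT_EMULATOR");`, the string returned by get_env() is now deliberately never released, and nothing in the new code records that. The removed `free_env_val` shows that under `__WIN32__` the value is heap-allocated, and per the commit message `PUSH(emulator)` stores the pointer without copying, so it has to stay live for as long as the argument vector is in use. A short comment above the assignment would keep a later cleanup from reintroducing the use-after-free, for example `/* get_env() may return an allocated string (Windows); eargv keeps this pointer, so it is intentionally not freed. */`. The same ownership point applies to the `PUSH(emulator);` line in the fourth hunk; main() starts and ends outside both hunks.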