summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorTavis Ormandy <taviso@gmail.com>2024-08-08 15:09:59 -0700
committerJohn Wiegley <johnw@newartisans.com>2024-08-08 13:26:45 -1000
commitefd55c763699a3e38fc4a5ba72e114b8b0781b66 (patch)
tree4d1830c03070482b58bbd3a670afa437a7979ccc /src
parent771890169d9f2263ad07ddabd592a7acb794f4ef (diff)
downloadfork-ledger-efd55c763699a3e38fc4a5ba72e114b8b0781b66.tar.gz
fork-ledger-efd55c763699a3e38fc4a5ba72e114b8b0781b66.tar.bz2
fork-ledger-efd55c763699a3e38fc4a5ba72e114b8b0781b66.zip
fix use-after-free with regex_match()
The smatch does not copy the input, it points to the original. So if the string is on the stack and goes out of scope because it's only used as a parameter, it will just be junk. Make a copy of it at a higher scope.
Diffstat (limited to 'src')
-rw-r--r--src/draft.cc8
1 files changed, 4 insertions, 4 deletions
diff --git a/src/draft.cc b/src/draft.cc
index cd4553de..5ce41dc5 100644
--- a/src/draft.cc
+++ b/src/draft.cc
@@ -102,13 +102,15 @@ void draft_t::parse_args(const value_t& args)
value_t::sequence_t::const_iterator end = args.end();
for (; begin != end; begin++) {
+ string arg = (*begin).to_string();
+
if (check_for_date &&
- regex_match((*begin).to_string(), what, date_mask)) {
+ regex_match(arg, what, date_mask)) {
tmpl->date = parse_date(what[0]);
check_for_date = false;
}
else if (check_for_date &&
- bool(weekday = string_to_day_of_week((*begin).to_string()))) {
+ bool(weekday = string_to_day_of_week(arg))) {
#if defined(__GNUC__) && __GNUC__ >= 4 && __GNUC_MINOR__ >= 7
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
@@ -124,8 +126,6 @@ void draft_t::parse_args(const value_t& args)
check_for_date = false;
}
else {
- string arg = (*begin).to_string();
-
if (arg == "at") {
if (++begin == end)
throw std::runtime_error(_("Invalid xact command arguments"));