From efd55c763699a3e38fc4a5ba72e114b8b0781b66 Mon Sep 17 00:00:00 2001 From: Tavis Ormandy Date: Thu, 8 Aug 2024 15:09:59 -0700 Subject: fix use-after-free with regex_match() The smatch does not copy the input, it points to the original. So if the string is on the stack and goes out of scope because it's only used as a parameter, it will just be junk. Make a copy of it at a higher scope. --- src/draft.cc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'src/draft.cc') diff --git a/src/draft.cc b/src/draft.cc index cd4553de..5ce41dc5 100644 --- a/src/draft.cc +++ b/src/draft.cc @@ -102,13 +102,15 @@ void draft_t::parse_args(const value_t& args) value_t::sequence_t::const_iterator end = args.end(); for (; begin != end; begin++) { + string arg = (*begin).to_string(); + if (check_for_date && - regex_match((*begin).to_string(), what, date_mask)) { + regex_match(arg, what, date_mask)) { tmpl->date = parse_date(what[0]); check_for_date = false; } else if (check_for_date && - bool(weekday = string_to_day_of_week((*begin).to_string()))) { + bool(weekday = string_to_day_of_week(arg))) { #if defined(__GNUC__) && __GNUC__ >= 4 && __GNUC_MINOR__ >= 7 #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wmaybe-uninitialized" @@ -124,8 +126,6 @@ void draft_t::parse_args(const value_t& args) check_for_date = false; } else { - string arg = (*begin).to_string(); - if (arg == "at") { if (++begin == end) throw std::runtime_error(_("Invalid xact command arguments")); -- cgit v1.2.3