Avoid use-after-free in builtin unicode

ethomson · ethomson · commit bcd96426fca6 · 2023-12-21T20:21:34.000Z
Calculate length _before_ realloc, not after.
diff --git a/src/unicode_builtin.c b/src/unicode_builtin.c
@@ -372,13 +372,13 @@ static inline bool unicode_builtin_encoding_convert(
 			goto done;
 		}
 
+		out_len = out_start - out;
+
 		if ((new_out = realloc(out, out_size)) == NULL) {
 			ntlm_client_set_errmsg(ntlm, "out of memory");
 			goto done;
 		}
 
-		out_len = out_start - out;
-
 		out = new_out;
 		out_start = new_out + out_len;
 		out_end = out + out_size;

Original file line number	Diff line number	Diff line change
`@@ -372,13 +372,13 @@ static inline bool unicode_builtin_encoding_convert(`
`372`	`372`	`goto done;`
`373`	`373`	`}`
`374`	`374`
	`375`	`+ out_len = out_start - out;`
	`376`	`+`
`375`	`377`	`if ((new_out = realloc(out, out_size)) == NULL) {`
`376`	`378`	`ntlm_client_set_errmsg(ntlm, "out of memory");`
`377`	`379`	`goto done;`
`378`	`380`	`}`
`379`	`381`
`380`		`- out_len = out_start - out;`
`381`		`-`
`382`	`382`	`out = new_out;`
`383`	`383`	`out_start = new_out + out_len;`
`384`	`384`	`out_end = out + out_size;`