summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCyrille Bagard <nocbos@gmail.com>2023-10-16 22:06:57 (GMT)
committerCyrille Bagard <nocbos@gmail.com>2023-10-16 22:06:57 (GMT)
commit981b1d41a2102bcd7a432a81c9bd6979b8c6d6c4 (patch)
treebef6c3888845963ff683a9d11fcdde7f9cf06c6e
parentcc53c9b1124b464556ba29a4a91a33628b3efe14 (diff)
Fix a Use-After-Free.
-rw-r--r--src/analysis/scan/patterns/customizer.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/src/analysis/scan/patterns/customizer.c b/src/analysis/scan/patterns/customizer.c
index c3becf5..9659957 100644
--- a/src/analysis/scan/patterns/customizer.c
+++ b/src/analysis/scan/patterns/customizer.c
@@ -328,6 +328,7 @@ static bool g_scan_token_customizer_transform(const GScanTokenCustomizer *modifi
size_t i; /* Boucle de parcours #1 */
sized_binary_t *extra; /* Motifs supplémentaires */
size_t extra_count; /* Quantité de ces motifs */
+ size_t old_dcount; /* Mémorisation avant avancées */
sized_binary_t *new; /* Nouvel emplacement libre */
size_t k; /* Boucle de parcours #2 */
@@ -342,11 +343,13 @@ static bool g_scan_token_customizer_transform(const GScanTokenCustomizer *modifi
&extra, &extra_count);
if (!result) goto exit;
- new = (*dest) + *dcount;
+ old_dcount = *dcount;
*dcount += extra_count;
*dest = realloc(*dest, *dcount * sizeof(sized_binary_t));
+ new = (*dest) + old_dcount;
+
for (k = 0; k < extra_count; k++, new++)
copy_szstr(*new, extra[k]);