Copy (strdup) a command-line arg to avoid use-after-free.

There may be a better way to handle this that avoids leaking the command-line arguments. BUG= https://code.google.com/p/nativeclient/issues/detail?id=3605 R=dschuff@chromium.org Review URL: https://codereview.chromium.org/21375003
author: Jim Stichnoth <stichnot@chromium.org> 2013-07-31 11:17:52 -0700
committer: Jim Stichnoth <stichnot@chromium.org> 2013-07-31 11:17:52 -0700
commit: 365546bcef14965546dc39ebcef35f07a897b9c5 (patch)
tree: f015015cb855e892886cf85e96e574fd065f0014 /tools
parent: f75fd0a9f95109b9cb13a74aad6dcc98c3d5d625 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/tools/pnacl-llc/srpc_main.cpp b/tools/pnacl-llc/srpc_main.cpp
index bd97bc8c5b..87178c2038 100644
--- a/tools/pnacl-llc/srpc_main.cpp
+++ b/tools/pnacl-llc/srpc_main.cpp
@@ -61,7 +61,7 @@ int DoTranslate(ArgStringList *CmdLineArgs, int object_fd) {
   object_file_fd = object_fd;
   // Make an argv array from the input vector.
   size_t argc = CmdLineArgs->size();
-  char **argv = new char *[argc];
+  char **argv = new char *[argc + 1];
   for (size_t i = 0; i < argc; ++i) {
     // llc_main will not mutate the command line, so this is safe.
     argv[i] = const_cast<char *>((*CmdLineArgs)[i]);
@@ -75,7 +75,9 @@ ArgStringList *CommandLineFromArgz(char *str, size_t str_len) {
   char *entry = str;
   ArgStringList *CmdLineArgs = new ArgStringList;
   while (entry != NULL) {
-    CmdLineArgs->push_back(entry);
+    // Call strdup(entry) since the str argument will ultimately be
+    // freed by the SRPC message sender.
+    CmdLineArgs->push_back(strdup(entry));
     entry = argz_next(str, str_len, entry);
   }
   return CmdLineArgs;
author	Jim Stichnoth <stichnot@chromium.org>	2013-07-31 11:17:52 -0700
committer	Jim Stichnoth <stichnot@chromium.org>	2013-07-31 11:17:52 -0700
commit	365546bcef14965546dc39ebcef35f07a897b9c5 (patch)
tree	f015015cb855e892886cf85e96e574fd065f0014 /tools
parent	f75fd0a9f95109b9cb13a74aad6dcc98c3d5d625 (diff)