From 2f661dc20617ba6fdeb2d7e243dc898653faafea Mon Sep 17 00:00:00 2001

From: Lubomir Rintel <lkundrak@v3.sk>

Date: Tue, 26 Apr 2011 21:50:26 +0200

Subject: [PATCH] Always copy the string before expanding it

It might get freed during expansion, e.g. with eval function.

A simple reproducer:

TRUE = $(eval TRUE := true)

all:

	$(TRUE)

---

 ChangeLog |    5 +++++

 expand.c  |   18 +++++++++---------

 2 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/ChangeLog b/ChangeLog

index 91878fb..7519164 100644

--- a/ChangeLog

+++ b/ChangeLog

@@ -1,3 +1,8 @@

+2011-04-26  Lubomir Rintel  <lkundrak@v3.sk>

+

+	* expand.c (variable_expand_string): Always copy the string

+	to expand.

+

 2010-08-13  Paul Smith  <psmith@gnu.org>

 	* NEWS: Accidentally forgot to back out the sorted wildcard

diff --git a/expand.c b/expand.c

index 2315b06..3e6e346 100644

--- a/expand.c

+++ b/expand.c

@@ -197,7 +197,7 @@ variable_expand_string (char *line, const char *string, long length)

 {

   struct variable *v;

   const char *p, *p1;

-  char *abuf = NULL;

+  char *abuf;

   char *o;

   unsigned int line_offset;

@@ -214,14 +214,15 @@ variable_expand_string (char *line, const char *string, long length)

   /* If we want a subset of the string, allocate a temporary buffer for it.

      Most of the functions we use here don't work with length limits.  */

-  if (length > 0 && string[length] != '\0')

+  if (length == -1)

     {

-      abuf = xmalloc(length+1);

-      memcpy(abuf, string, length);

-      abuf[length] = '\0';

-      string = abuf;

+      length = strlen (string);

     }

-  p = string;

+

+  abuf = xmalloc(length+1);

+  memcpy(abuf, string, length);

+  abuf[length] = '\0';

+  p = abuf;

   while (1)

     {

@@ -411,8 +412,7 @@ variable_expand_string (char *line, const char *string, long length)

       ++p;

     }

-  if (abuf)

-    free (abuf);

+  free (abuf);

   variable_buffer_output (o, "", 1);

   return (variable_buffer + line_offset);

-- 

1.7.4.1