From 11892f0282aa3431051b1d8996f68d9f7895f818 Mon Sep 17 00:00:00 2001
From: Sergey Bugaev
Date: Tue, 9 May 2023 00:31:13 +0300
Subject: proc: Fix use-after-realloc
Message-Id: <20230508213136.608575-19-bugaevc@gmail.com>
---
 proc/info.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'proc')
diff --git a/proc/info.c b/proc/info.c
index 12743465..d84fdd45 100644
--- a/proc/info.c
+++ b/proc/info.c
@@ -941,6 +941,8 @@ S_proc_getloginpids (struct proc *callerp,
 if (new - parray > parraysize)
 {
 struct proc **newparray;
+ ptrdiff_t tail_offset = tail - parray;
+ ptrdiff_t new_offset = new - parray;
 newparray = realloc (parray, ((parraysize *= 2) * sizeof (struct proc *)));
 if (! newparray)
@@ -949,8 +951,8 @@ S_proc_getloginpids (struct proc *callerp,
 return ENOMEM;
 }
- tail = newparray + (tail - parray);
- new = newparray + (new - parray);
+ tail = newparray + tail_offset;
+ new = newparray + new_offset;
 parray = newparray;
 }
 *new++ = p;
-- cgit v1.2.3
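Review bot: The growth guard `if (new - parray > parraysize)` in the first hunk still looks off by one: the realloc size shows parraysize is an element count, so when `new - parray == parraysize` the array is not grown and `*new++ = p;` at the end of the second hunk stores one element past the allocation. Changing the test to `if (new - parray >= parraysize)` would close that heap overflow; the initial allocation and the enclosing loop are outside the hunks, so confirm that parraysize is the capacity there as well. A short comment above the two added ptrdiff_t lines, such as `/* Save offsets first: realloc may free the old parray.  */`, would keep a later cleanup from folding them back into pointer arithmetic on the stale block. S_proc_getloginpids begins and ends outside both hunks.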