From d467a79fdb980f43fac706aa309a77071998ef95 Mon Sep 17 00:00:00 2001
From: Haochen Tong
Date: Sun, 21 Jul 2019 00:02:31 +0800
Subject: [PATCH] Fix heap use-after-free with setlocale
In glibc the return value of setlocale() is allocated in static storage, which may be invalidated by subsequent calls.
---
src/linux.cc | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/linux.cc b/src/linux.cc
index 2174fa67..09ad75e7 100644
--- a/src/linux.cc
+++ b/src/linux.cc
@@ -1069,7 +1069,7 @@ int fscanf_no_i18n(FILE *stream, const char *format, ...) {
 va_list ap;
 #ifdef BUILD_I18N
- const char *oldlocale = setlocale(LC_NUMERIC, nullptr);
+ char *oldlocale = strdup(setlocale(LC_NUMERIC, nullptr));
 setlocale(LC_NUMERIC, "C");
 #endif
@@ -1078,6 +1078,7 @@ int fscanf_no_i18n(FILE *stream, const char *format, ...) {
 va_end(ap);
 #ifdef BUILD_I18N
 setlocale(LC_NUMERIC, oldlocale);
+ free(oldlocale);
 #endif
 return returncode;
 }
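Review bot: The new `strdup(setlocale(LC_NUMERIC, nullptr))` line in the first hunk passes the result of setlocale() straight to strdup(), but setlocale() may return NULL on failure and strdup(NULL) is undefined behavior; likewise if strdup() itself returns NULL, the restore in the second hunk becomes `setlocale(LC_NUMERIC, nullptr)`, which is a query rather than a restore and silently leaves the process locale at "C" after the call. Both cases should be guarded: `const char *cur = setlocale(LC_NUMERIC, nullptr);` then `char *oldlocale = cur ? strdup(cur) : nullptr;` in the first hunk, and `if (oldlocale) setlocale(LC_NUMERIC, oldlocale);` before the `free(oldlocale);` in the second (free(nullptr) is a no-op, so that line can stay as is). It is not visible in the hunk whether the headers declaring strdup() and free() are already included in this file; worth confirming. fscanf_no_i18n's body starts before the first hunk, and the locale change it makes is process-global, which is unchanged by this commit but worth a one-line comment on the function.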