lsfd: fix use-after-free and resource leak [coverity scan]

>>>     CID 374363:  Memory - illegal accesses  (USE_AFTER_FREE)
>>>     Dereferencing freed pointer "t".
764                             snprintf(parser->errmsg, ERRMSG_LEN,
765                                      _("error: unsupported column data type: %d, column: %s"),
766                                      jtype, t->val.str);

856             default:
857                     warnx("unexpected token type: %d", t->type);
>>>     CID 374360:  Resource leaks  (RESOURCE_LEAK)
>>>     Variable "t" going out of scope leaks the storage it points to.
858                     return NULL;

Signed-off-by: Karel Zak <kzak@redhat.com>

diff --git a/misc-utils/lsfd-filter.c b/misc-utils/lsfd-filter.c
index 440a07d6eb243bd0e03700446d2c170545a79e6c..da53864778d1bdf49966505c5d713dbfe66afcb0 100644 (file)
--- a/misc-utils/lsfd-filter.c
+++ b/misc-utils/lsfd-filter.c
@@ -746,7 +746,6 @@ static struct node *dparser_compile1(struct parser *parser, struct node *last)
                        scols_column_set_flags(cl, SCOLS_FL_HIDDEN);
                }
                parameter_init(parser->parameters + col_id, cl);
-               token_free(t);
 
                int jtype = scols_column_get_json_type(cl);
                int ntype;
@@ -767,6 +766,7 @@ static struct node *dparser_compile1(struct parser *parser, struct node *last)
                        return NULL;
                }
                node = node_val_new(ntype, col_id);
+               token_free(t);
                return node;
        }
 
@@ -796,6 +796,7 @@ static struct node *dparser_compile1(struct parser *parser, struct node *last)
        case TOKEN_OP1: {
                struct node *op1_right = dparser_compile1(parser, NULL);
                struct op1_class *op1_class = TOKEN_OP1_CLASS(t);
+
                token_free(t);
 
                if (GOT_ERROR(parser)) {
@@ -826,6 +827,7 @@ static struct node *dparser_compile1(struct parser *parser, struct node *last)
        case TOKEN_OP2: {
                struct node *op2_right = dparser_compile1(parser, NULL);
                struct op2_class *op2_class = TOKEN_OP2_CLASS(t);
+
                token_free(t);
 
                if (GOT_ERROR(parser)) {
@@ -855,6 +857,7 @@ static struct node *dparser_compile1(struct parser *parser, struct node *last)
 
        default:
                warnx("unexpected token type: %d", t->type);
+               token_free(t);
                return NULL;
        }
 }