From 5958bb44c4d7cf3b69bb62955b3ece9d0715eb60 Mon Sep 17 00:00:00 2001
From: =?utf8?q?P=C3=A1draig=20Brady?=
Date: Tue, 26 Jun 2012 11:13:45 +0100
Subject: [PATCH] maint: avoid a static analysis warning in csplit

The Canalyze static code analyzer correctly surmised that there is a use-after-free bug in free_buffer() at the line "struct line *n = l->next", if that function is called multiple times. This is not a runtime issue since a list of lines will not be present in the !lines_found case.

* src/csplit.c (free_buffer): Set list head to NULL so that this function can be called multiple times.
(load_buffer): Remove a redundant call to free_buffer().

Reported-by: Xu Zhongxing
---
 THANKS.in | 1 +
 src/csplit.c | 8 +++++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/THANKS.in b/THANKS.in
index 51b2c7dda7..2bdeab5e3c 100644
--- a/THANKS.in
+++ b/THANKS.in
@@ -636,6 +636,7 @@ Wis Macomson wis.macomson@intel.com
 Wojciech Purczynski cliph@isec.pl
 Wolfram Kleff kleff@cs.uni-bonn.de
 Won-kyu Park wkpark@chem.skku.ac.kr
+Xu Zhongxing xu_zhong_xing@163.com
 Yang Ren ryang@redhat.com
 Yanko Kaneti yaneti@declera.com
 Yann Dirson dirson@debian.org
diff --git a/src/csplit.c b/src/csplit.c
index fb43350a2c..c10562bcbf 100644
--- a/src/csplit.c
+++ b/src/csplit.c
@@ -425,6 +425,7 @@ free_buffer (struct buffer_record *buf)
 free (l);
 l = n;
 }
+ buf->line_start = NULL;
 free (buf->buffer);
 buf->buffer = NULL;
 }
@@ -499,8 +500,6 @@ load_buffer (void)
 b->bytes_used += read_input (p, bytes_avail);
 
 lines_found = record_line_starts (b);
- if (!lines_found)
- free_buffer (b);
 
 if (lines_found || have_read_eof)
 break;
@@ -515,7 +514,10 @@ load_buffer (void)
 if (lines_found)
 save_buffer (b);
 else
- free (b);
+ {
+ free_buffer (b);
+ free (b);
+ }
 
 return lines_found != 0;
 }
-- 
2.47.2
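Review bot: Resetting `buf->line_start` makes the list walk safe to repeat, but the new contract — that free_buffer may be called more than once on the same record — is not written down in the hunk, and a later caller could reintroduce exactly the double-call pattern this commit removes from load_buffer. A one-line comment above the new assignment, `/* Leave the record empty so a repeated free_buffer () is a no-op.  */`, would carry that intent. If `struct buffer_record` holds any other pointer into the line list (a current-line cursor, for instance; the struct definition is not in the hunk), it would need the same reset, since it dangles once the walk has freed the nodes. The head of free_buffer, including the loop whose closing brace is visible here, lies above the hunk.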
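Review bot: The `free_buffer (b); free (b);` pair in the new `else` arm at the end of load_buffer is the only record teardown visible in these hunks, and the retry path of the loop above (outside the hunk) presumably needs the identical pair when it discards a too-small buffer; two hand-written copies of a two-step destructor invite the same mismatch this commit is fixing, where one site called free_buffer and another did not. Consider folding both into a small `static void destroy_buffer (struct buffer_record *b)` helper, or at least naming the invariant at the `else`: `/* No lines and EOF: b was never saved, so tear it down here.  */`. The earlier hunk's removal of the in-loop `free_buffer (b)` is what makes this late teardown necessary, since `b->buffer` is otherwise still held when the loop exits on `have_read_eof`.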