From 6d3ba9c0a03e57e20873ecd836da310fa3c9ddab Mon Sep 17 00:00:00 2001 From: Graham Percival Date: Wed, 28 Sep 2016 11:02:34 -0700 Subject: [PATCH] Initialize subst rule->result pointer to NULL This is not directly useful in libarchive at the present time, but it might be in the future. If a project which uses this code adds an atexit(3) handler to clean up memory, and somebody runs: bsdtar somestring -t then "omestring" will be interpreted as an (invalid) substitution rule and call lafe_errc(). However, if the atexit() handler then calls cleanup_substition(), it will try to free(rule->result) which was not initialized. Sponsored by: Tarsnap Backup Inc. --- tar/subst.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tar/subst.c b/tar/subst.c index 4710e06a6..39c54acfd 100644 --- a/tar/subst.c +++ b/tar/subst.c @@ -84,6 +84,7 @@ add_substitution(struct bsdtar *bsdtar, const char *rule_text) if (rule == NULL) lafe_errc(1, errno, "Out of memory"); rule->next = NULL; + rule->result = NULL; if (subst->last_rule == NULL) subst->first_rule = rule; -- 2.47.2