From f22ef0fefd6fc5cd1c0c8cf8cc9ab129ed58c4aa Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Mon, 29 Nov 2021 13:41:36 +0100
Subject: [PATCH] lsfd: fix use-after-free and resource leak [coverity scan]

>>>     CID 374363:  Memory - illegal accesses  (USE_AFTER_FREE)
>>>     Dereferencing freed pointer "t".
764                             snprintf(parser->errmsg, ERRMSG_LEN,
765                                      _("error: unsupported column data type: %d, column: %s"),
766                                      jtype, t->val.str);

856             default:
857                     warnx("unexpected token type: %d", t->type);
>>>     CID 374360:  Resource leaks  (RESOURCE_LEAK)
>>>     Variable "t" going out of scope leaks the storage it points to.
858                     return NULL;

Signed-off-by: Karel Zak <kzak@redhat.com>
---
 misc-utils/lsfd-filter.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/misc-utils/lsfd-filter.c b/misc-utils/lsfd-filter.c
index 440a07d6eb..da53864778 100644
--- a/misc-utils/lsfd-filter.c
+++ b/misc-utils/lsfd-filter.c
@@ -746,7 +746,6 @@ static struct node *dparser_compile1(struct parser *parser, struct node *last)
 			scols_column_set_flags(cl, SCOLS_FL_HIDDEN);
 		}
 		parameter_init(parser->parameters + col_id, cl);
-		token_free(t);
 
 		int jtype = scols_column_get_json_type(cl);
 		int ntype;
@@ -767,6 +766,7 @@ static struct node *dparser_compile1(struct parser *parser, struct node *last)
 			return NULL;
 		}
 		node = node_val_new(ntype, col_id);
+		token_free(t);
 		return node;
 	}
 
@@ -796,6 +796,7 @@ static struct node *dparser_compile1(struct parser *parser, struct node *last)
 	case TOKEN_OP1: {
 		struct node *op1_right = dparser_compile1(parser, NULL);
 		struct op1_class *op1_class = TOKEN_OP1_CLASS(t);
+
 		token_free(t);
 
 		if (GOT_ERROR(parser)) {
@@ -826,6 +827,7 @@ static struct node *dparser_compile1(struct parser *parser, struct node *last)
 	case TOKEN_OP2: {
 		struct node *op2_right = dparser_compile1(parser, NULL);
 		struct op2_class *op2_class = TOKEN_OP2_CLASS(t);
+
 		token_free(t);
 
 		if (GOT_ERROR(parser)) {
@@ -855,6 +857,7 @@ static struct node *dparser_compile1(struct parser *parser, struct node *last)
 
 	default:
 		warnx("unexpected token type: %d", t->type);
+		token_free(t);
 		return NULL;
 	}
 }
-- 
2.47.3