From: Pádraig Brady
Date: Tue, 26 Jun 2012 10:13:45 +0000 (+0100) Subject: maint: avoid a static analysis warning in csplit X-Git-Tag: v8.18~45 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5958bb44c4d7cf3b69bb62955b3ece9d0715eb60;p=thirdparty%2Fcoreutils.git maint: avoid a static analysis warning in csplit The Canalyze static code analyzer correctly surmised that there is a use-after-free bug in free_buffer() at the line "struct line *n = l->next", if that function is called multiple times. This is not a runtime issue since a list of lines will not be present in the !lines_found case. * src/csplit.c (free_buffer): Set list head to NULL so that this function can be called multiple times. (load_buffer): Remove a redundant call to free_buffer(). Reported-by: Xu Zhongxing --- diff --git a/THANKS.in b/THANKS.in index 51b2c7dda7..2bdeab5e3c 100644 --- a/THANKS.in +++ b/THANKS.in @@ -636,6 +636,7 @@ Wis Macomson wis.macomson@intel.com Wojciech Purczynski cliph@isec.pl Wolfram Kleff kleff@cs.uni-bonn.de Won-kyu Park wkpark@chem.skku.ac.kr +Xu Zhongxing xu_zhong_xing@163.com Yang Ren ryang@redhat.com Yanko Kaneti yaneti@declera.com Yann Dirson dirson@debian.org diff --git a/src/csplit.c b/src/csplit.c index fb43350a2c..c10562bcbf 100644 --- a/src/csplit.c +++ b/src/csplit.c @@ -425,6 +425,7 @@ free_buffer (struct buffer_record *buf) free (l); l = n; } + buf->line_start = NULL; free (buf->buffer); buf->buffer = NULL; } @@ -499,8 +500,6 @@ load_buffer (void) b->bytes_used += read_input (p, bytes_avail); lines_found = record_line_starts (b); - if (!lines_found) - free_buffer (b); if (lines_found || have_read_eof) break; @@ -515,7 +514,10 @@ load_buffer (void) if (lines_found) save_buffer (b); else - free (b); + { + free_buffer (b); + free (b); + } return lines_found != 0; }
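Review bot: In the src/csplit.c free_buffer hunk, the new `buf->line_start = NULL;` after the loop is what makes a second call safe, but the code itself does not say so; the reason appears only in the commit message. A short comment on that line, or in the function's header comment, stating that free_buffer may be called more than once on the same record would keep a later cleanup from dropping the assignment as dead code. The existing `buf->buffer = NULL;` after `free (buf->buffer);` already follows the same pattern.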
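Review bot: In the first load_buffer hunk (@@ -499,8 +500,6 @@), the removed `if (!lines_found) free_buffer (b);` sat before the `if (lines_found || have_read_eof) break;` test, so it also ran on the path where the loop continues, freeing b->buffer and setting it to NULL before the next pass. The commit message calls this call redundant, but its removal means the buffer is now kept across iterations. The message should say why the earlier free was unnecessary on that path, or state that this is a behaviour change.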
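Review bot: In the second load_buffer hunk (@@ -515,7 +514,10 @@), the else branch now runs `free_buffer (b);` followed by `free (b);`, which relies on free_buffer handling a record that has no line list, the situation the commit message describes for the !lines_found case. A one-line comment there saying that free_buffer releases what the record owns and free releases the record itself would make the pairing self-explanatory to the next reader.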