diff options
| author | Pádraig Brady <P@draigBrady.com> | 2012-06-26 11:13:45 +0100 |
|---|---|---|
| committer | Pádraig Brady <P@draigBrady.com> | 2012-06-26 11:27:32 +0100 |
| commit | 5958bb44c4d7cf3b69bb62955b3ece9d0715eb60 (patch) | |
| tree | 17980b19ef71cace06fa0167f6d7e06b2f3eef46 /src/csplit.c | |
| parent | 4f2e9d503821c3eadc7344a7e85400779822bf0d (diff) | |
| download | coreutils-5958bb44c4d7cf3b69bb62955b3ece9d0715eb60.tar.xz | |
maint: avoid a static analysis warning in csplit
The Canalyze static code analyzer correctly surmised
that there is a use-after-free bug in free_buffer()
at the line "struct line *n = l->next", if that
function is called multiple times.
This is not a runtime issue since a list of lines
will not be present in the !lines_found case.
* src/csplit.c (free_buffer): Set list head to NULL so
that this function can be called multiple times.
(load_buffer): Remove a redundant call to free_buffer().
Reported-by: Xu Zhongxing
Diffstat (limited to 'src/csplit.c')
| -rw-r--r-- | src/csplit.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/src/csplit.c b/src/csplit.c index fb43350a2..c10562bcb 100644 --- a/src/csplit.c +++ b/src/csplit.c @@ -425,6 +425,7 @@ free_buffer (struct buffer_record *buf) free (l); l = n; } + buf->line_start = NULL; free (buf->buffer); buf->buffer = NULL; } @@ -499,8 +500,6 @@ load_buffer (void) b->bytes_used += read_input (p, bytes_avail); lines_found = record_line_starts (b); - if (!lines_found) - free_buffer (b); if (lines_found || have_read_eof) break; @@ -515,7 +514,10 @@ load_buffer (void) if (lines_found) save_buffer (b); else - free (b); + { + free_buffer (b); + free (b); + } return lines_found != 0; } |