authorPádraig Brady <P@draigBrady.com>2012-06-26 11:13:45 +0100
committerPádraig Brady <P@draigBrady.com>2012-06-26 11:27:32 +0100
commit5958bb44c4d7cf3b69bb62955b3ece9d0715eb60 (patch)
tree17980b19ef71cace06fa0167f6d7e06b2f3eef46 /src
parent4f2e9d503821c3eadc7344a7e85400779822bf0d (diff)
downloadcoreutils-5958bb44c4d7cf3b69bb62955b3ece9d0715eb60.tar.xz
maint: avoid a static analysis warning in csplit
The Canalyze static code analyzer correctly surmised that there is a use-after-free bug in free_buffer() at the line "struct line *n = l->next", if that function is called multiple times. This is not a runtime issue since a list of lines will not be present in the !lines_found case. * src/csplit.c (free_buffer): Set list head to NULL so that this function can be called multiple times. (load_buffer): Remove a redundant call to free_buffer(). Reported-by: Xu Zhongxing
Diffstat (limited to 'src')
-rw-r--r--src/csplit.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/src/csplit.c b/src/csplit.c
index fb43350a2..c10562bcb 100644
--- a/src/csplit.c
+++ b/src/csplit.c
@@ -425,6 +425,7 @@ free_buffer (struct buffer_record *buf)
free (l);
l = n;
}
+ buf->line_start = NULL;
free (buf->buffer);
buf->buffer = NULL;
}
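Review bot: The added `buf->line_start = NULL;` makes a repeated free_buffer() call safe only for the members this function resets, and nothing in the code records that this is the intent. A short comment above the assignment, such as `/* Reset the list head so a repeated call does not walk freed nodes. */`, would stop a later cleanup from dropping the line as a dead store. If struct buffer_record keeps any other pointer into the line list (the struct is not visible in this hunk), that pointer would still dangle after the call and deserves the same reset. free_buffer's body begins above the hunk.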
@@ -499,8 +500,6 @@ load_buffer (void)
b->bytes_used += read_input (p, bytes_avail);
lines_found = record_line_starts (b);
- if (!lines_found)
- free_buffer (b);
if (lines_found || have_read_eof)
break;
@@ -515,7 +514,10 @@ load_buffer (void)
if (lines_found)
save_buffer (b);
else
- free (b);
+ {
+ free_buffer (b);
+ free (b);
+ }
return lines_found != 0;
}
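Review bot: In the new `else` branch the order `free_buffer (b); free (b);` matters, because free_buffer() dereferences `b`, yet nothing marks the pair as belonging together. A comment such as `/* No line found: release the line list and data before the record itself. */` would document that. If the same pair is repeated elsewhere in load_buffer (the code between the hunks is not shown), a small static helper doing both calls would remove the chance of freeing the record while its contents are still allocated, or of reversing the order. load_buffer begins above the hunk.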