From 5958bb44c4d7cf3b69bb62955b3ece9d0715eb60 Mon Sep 17 00:00:00 2001
From: Pádraig Brady
Date: Tue, 26 Jun 2012 11:13:45 +0100
Subject: maint: avoid a static analysis warning in csplit
The Canalyze static code analyzer correctly surmised that there is a use-after-free bug in free_buffer() at the line "struct line *n = l->next", if that function is called multiple times. This is not a runtime issue since a list of lines will not be present in the !lines_found case.
* src/csplit.c (free_buffer): Set list head to NULL so that this function can be called multiple times. (load_buffer): Remove a redundant call to free_buffer().
Reported-by: Xu Zhongxing
---
 src/csplit.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
(limited to 'src/csplit.c')
diff --git a/src/csplit.c b/src/csplit.c
index fb43350a2..c10562bcb 100644
--- a/src/csplit.c
+++ b/src/csplit.c
@@ -425,6 +425,7 @@ free_buffer (struct buffer_record *buf)
 free (l);
 l = n;
 }
+ buf->line_start = NULL;
 free (buf->buffer);
 buf->buffer = NULL;
 }
@@ -499,8 +500,6 @@ load_buffer (void)
 b->bytes_used += read_input (p, bytes_avail);
 lines_found = record_line_starts (b);
- if (!lines_found)
- free_buffer (b);
 if (lines_found || have_read_eof)
 break;
@@ -515,7 +514,10 @@ load_buffer (void)
 if (lines_found)
 save_buffer (b);
 else
- free (b);
+ {
+ free_buffer (b);
+ free (b);
+ }
 return lines_found != 0;
 }
-- 
cgit v1.2.3-54-g00ecf
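Review bot: In the first hunk (free_buffer), the added `buf->line_start = NULL;` is the only thing that makes a repeated call safe, yet nothing in the function says so, and a later cleanup could drop it as a dead store. I would put a comment above it, for example `/* Clear the head so a repeated call sees an empty list, not freed nodes.  */`. The reset covers the list head only; if the record keeps any other pointer into the line list (the struct is not visible here), that pointer still dangles after the call and deserves the same treatment. The function body starts above the hunk.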
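Review bot: In the last hunk (load_buffer), the new else branch is now the only visible release of b's contents when no lines were found, and it has no comment explaining why free_buffer is called on a record with no line list. The commit message says that list is absent in the !lines_found case, so a line such as `/* No line list here; free_buffer only releases b->buffer.  */` above `free_buffer (b);` would record the reason. The retry path of the loop lies between the second and third hunks and is not shown, so it is worth confirming that it still frees b's buffer before the next one is fetched; otherwise the removal in the second hunk would trade a repeated call for a leak. load_buffer starts above the hunks.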