From 4e2fd4cca630e887cabf030d926ca21e9d842634 Mon Sep 17 00:00:00 2001
From: Jim Meyering <jim@meyering.net>
Date: Thu, 11 Jan 2007 19:31:27 +0100
Subject: Avoid a leak in expr's implementation of the ":" (match) operator. *
 src/expr.c (docolon): Free the regexp buffer using regfree, rather than doing
 it manually, being careful to set fastmap to NULL first. Free any
 re_regs.start and .end members, if necessary.

---
 src/expr.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/expr.c b/src/expr.c
index 7f9f5323d..352c80cc6 100644
--- a/src/expr.c
+++ b/src/expr.c
@@ -427,6 +427,10 @@ docolon (VALUE *sv, VALUE *pv)
   tostring (sv);
   tostring (pv);
 
+  re_regs.num_regs = 0;
+  re_regs.start = NULL;
+  re_regs.end = NULL;
+
   re_buffer.buffer = NULL;
   re_buffer.allocated = 0;
   re_buffer.fastmap = fastmap;
@@ -463,7 +467,13 @@ docolon (VALUE *sv, VALUE *pv)
 	   (matchlen == -2 ? errno : EOVERFLOW),
 	   _("error in regular expression matcher"));
 
-  free (re_buffer.buffer);
+  if (0 < re_regs.num_regs)
+    {
+      free (re_regs.start);
+      free (re_regs.end);
+    }
+  re_buffer.fastmap = NULL;
+  regfree (&re_buffer);
   return v;
 }
 
-- 
cgit v1.2.3-54-g00ecf