From af2b702b9415a3ded52d99bff9ba31dba6a0bf08 Mon Sep 17 00:00:00 2001 From: op Date: Wed, 22 Mar 2023 19:42:41 +0000 Subject: [PATCH] avoid memleak / crash in addctag the l pointer is advanced, so if the line is malformed `goto cleanup' will free(NULL) or a pointer inside l. semplification and ok tb@ --- usr.bin/mg/tags.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/usr.bin/mg/tags.c b/usr.bin/mg/tags.c index 44311120ae8..cd87ee556e7 100644 --- a/usr.bin/mg/tags.c +++ b/usr.bin/mg/tags.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tags.c,v 1.21 2023/03/22 18:18:35 op Exp $ */ +/* $OpenBSD: tags.c,v 1.22 2023/03/22 19:42:41 op Exp $ */ /* * This file is in the public domain. @@ -367,17 +367,18 @@ strip(char *s, size_t len) * l, and can be freed during cleanup. */ int -addctag(char *l) +addctag(char *s) { struct ctag *t = NULL; + char *l; if ((t = malloc(sizeof(struct ctag))) == NULL) { dobeep(); ewprintf("Out of memory"); goto cleanup; } - t->tag = l; - if ((l = strchr(l, '\t')) == NULL) + t->tag = s; + if ((l = strchr(s, '\t')) == NULL) goto cleanup; *l++ = '\0'; t->fname = l; @@ -391,7 +392,7 @@ addctag(char *l) return (TRUE); cleanup: free(t); - free(l); + free(s); return (FALSE); } -- 2.20.1