diff options
| author | Jonathan Gray <jsg@cvs.openbsd.org> | 2024-02-14 03:07:59 +0000 |
|---|---|---|
| committer | Jonathan Gray <jsg@cvs.openbsd.org> | 2024-02-14 03:07:59 +0000 |
| commit | 8ece2fc7f9d58862ddfc226abaa35af7ab5878e6 (patch) | |
| tree | 71429d3013218137b14c6a8a1c2943884541ec63 /usr.bin | |
| parent | 6c94882010e0fdc4b9725127bf62bc0113697746 (diff) | |
avoid use after free of frp and frp->tname
found by smatch, ok miod@ millert@
Diffstat (limited to 'usr.bin')
| -rw-r--r-- | usr.bin/vi/common/exf.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/usr.bin/vi/common/exf.c b/usr.bin/vi/common/exf.c index 1d966db1823..9b62d32e045 100644 --- a/usr.bin/vi/common/exf.c +++ b/usr.bin/vi/common/exf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: exf.c,v 1.48 2021/10/25 14:17:24 dv Exp $ */ +/* $OpenBSD: exf.c,v 1.49 2024/02/14 03:07:58 jsg Exp $ */ /*- * Copyright (c) 1992, 1993, 1994 @@ -207,6 +207,7 @@ file_init(SCR *sp, FREF *frp, char *rcv_name, int flags) if ((frp->tname = strdup(tname)) == NULL || (frp->name == NULL && (frp->name = strdup(tname)) == NULL)) { free(frp->tname); + frp->tname = NULL; msgq(sp, M_SYSERR, NULL); (void)unlink(tname); goto err; @@ -666,6 +667,7 @@ file_end(SCR *sp, EXF *ep, int force) TAILQ_REMOVE(&sp->gp->frefq, frp, q); free(frp->name); free(frp); + frp = NULL; } sp->frp = NULL; } @@ -676,7 +678,10 @@ file_end(SCR *sp, EXF *ep, int force) * Close the db structure. */ if (ep->db->close != NULL && ep->db->close(ep->db) && !force) { - msgq_str(sp, M_SYSERR, frp->name, "%s: close"); + if (frp) + msgq_str(sp, M_SYSERR, frp->name, "%s: close"); + else + msgq(sp, M_SYSERR, "close"); ++ep->refcnt; return (1); } |