philippelh/bitchx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix a double-free bug when a window on an alternate screen queries an exec process

Browse Source 
The 'free_it' variable was only initialised to zero at the start of the function, so when non-main screens
were processed in the later iterations of the loop, it could keep a value of 1 from the previous iteration.

We don't actually need a free_it variable at all - just use a NULL value of ptr_free to indicate that there
is nothing to free (and passing a NULL to new_free() is a no-op).

This also simplifies a test because ptr is always non-NULL (strip_ansi() never returns NULL).
This commit is contained in:
Kevin Easton
2017-02-16 23:12:38 +11:00
parent 790cb771ed
commit debfebf3a7
2 changed files with 12 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
Changelog
View File

@@ -1,5 +1,8 @@
[Changes 1.2.2] [Changes 1.2.2]
* Fix a double-free bug when a window on an alternate screen queries an exec
process. (caf)
* Use 127.0.0.1 for wserv socket, which fixes /WINDOW CREATE with IPv6. (caf) * Use 127.0.0.1 for wserv socket, which fixes /WINDOW CREATE with IPv6. (caf)
* Allow INVITE and WALLOP floods to trigger auto-ignore. (caf) * Allow INVITE and WALLOP floods to trigger auto-ignore. (caf)

16
source/input.c
View File

@@ -167,9 +167,8 @@ extern void BX_cursor_to_input (void)
extern void BX_update_input (int update) extern void BX_update_input (int update)
{ {
int old_zone; int old_zone;
char *ptr, *ptr_free; char *ptr;
int len, int len,
free_it = 0,
echo = 1, echo = 1,
max; max;
@@ -178,7 +177,6 @@ extern void BX_update_input (int update)
Screen *ns; Screen *ns;
Window *saved_current_window = current_window; Window *saved_current_window = current_window;
#ifdef WANT_HEBREW #ifdef WANT_HEBREW
void BX_set_input_heb (char *str); void BX_set_input_heb (char *str);
char prehebbuff[2000]; char prehebbuff[2000];
@@ -231,31 +229,28 @@ extern void BX_update_input (int update)
if (prompt && update != NO_UPDATE) if (prompt && update != NO_UPDATE)
{ {
int args_used; int args_used;
char *ptr_free = NULL;
if (is_valid_process(get_target_by_refnum(0)) != -1) if (is_valid_process(get_target_by_refnum(0)) != -1)
ptr = (char *)get_prompt_by_refnum(0); ptr = (char *)get_prompt_by_refnum(0);
else else
{ {
ptr = expand_alias(prompt, empty_string, &args_used, NULL); ptr = expand_alias(prompt, empty_string, &args_used, NULL);
free_it = 1; ptr_free = ptr;
} }
if (last_input_screen->promptlist) if (last_input_screen->promptlist)
term_echo(last_input_screen->promptlist->echo); term_echo(last_input_screen->promptlist->echo);
ptr_free = ptr;
ptr = strip_ansi(ptr); ptr = strip_ansi(ptr);
strcat(ptr, ALL_OFF_STR); /* Yes, we can do this */ strcat(ptr, ALL_OFF_STR); /* Yes, we can do this */
if (free_it)
new_free(&ptr_free); new_free(&ptr_free);
free_it = 1;
if ((ptr && !INPUT_LINE) || (!ptr && INPUT_LINE) || if (!INPUT_LINE || strcmp(ptr, last_input_screen->input_buffer))
strcmp(ptr, last_input_screen->input_buffer))
{ {
if (last_input_screen->input_prompt_malloc) if (last_input_screen->input_prompt_malloc)
new_free(&INPUT_PROMPT); new_free(&INPUT_PROMPT);
last_input_screen->input_prompt_malloc = free_it; last_input_screen->input_prompt_malloc = 1;
INPUT_PROMPT = ptr; INPUT_PROMPT = ptr;
len = strlen(INPUT_PROMPT); len = strlen(INPUT_PROMPT);
@@ -264,7 +259,6 @@ extern void BX_update_input (int update)
} }
else else
{ {
if (free_it)
new_free(&ptr); new_free(&ptr);
} }
} }