Add some paranoid checks to make sure stptr was malloced before freeing it.

author: Andrew J. Schorr <aschorr@telemetry-investments.com> 2017-01-26 14:29:00 -0500
committer: Andrew J. Schorr <aschorr@telemetry-investments.com> 2017-01-26 14:29:00 -0500
commit: baa3d88037962e5a0cd97ad048bb63f8efe2d789 (patch)
tree: e90617c2aea4d1d428b852aacb12f73212fa6f11
parent: a405df4fd26c1a1428fb3eb9d749c42295256634 (diff)
download: egawk-baa3d88037962e5a0cd97ad048bb63f8efe2d789.tar.gz
egawk-baa3d88037962e5a0cd97ad048bb63f8efe2d789.tar.bz2
egawk-baa3d88037962e5a0cd97ad048bb63f8efe2d789.zip
3 files changed, 13 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index 62b956a9..12f0e5ca 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,14 @@
 2017-01-26         Andrew J. Schorr     <aschorr@telemetry-investments.com>
 
+	* node.c (r_format_val): Before we free s->stptr, make sure that it
+	was malloced.
+	(wstr2str): Add comment explaining why it's safe to free n->stptr
+	without doing any checks.
+	* mpfr.c (mpg_format_val): Ditto. And no need to reset the STRCUR flag
+	that we just checked.
+
+2017-01-26         Andrew J. Schorr     <aschorr@telemetry-investments.com>
+
 	* awk.h (enum block_id): Remove BLOCK_INVALID, since it serves no
 	useful purpose and seems to slow things down a bit.
 	* node.c (nextfree): Remove first invalid entry.
diff --git a/mpfr.c b/mpfr.c
index c0f1ff0c..8a5e9a69 100644
--- a/mpfr.c
+++ b/mpfr.c
@@ -381,12 +381,10 @@ mpg_format_val(const char *format, int index, NODE *s)
 	}
 	s->flags = oflags;
 	s->stlen = r->stlen;
-	if ((s->flags & STRCUR) != 0)
+	if ((s->flags & (MALLOC|STRCUR)) == (MALLOC|STRCUR))
 		efree(s->stptr);
 	s->stptr = r->stptr;
 	freenode(r);	/* Do not unref(r)! We want to keep s->stptr == r->stpr.  */
-
-	s->flags |= STRCUR;
 	free_wstr(s);
 	return s;
 }
diff --git a/node.c b/node.c
index d7ed98ea..6300bd4e 100644
--- a/node.c
+++ b/node.c
@@ -248,7 +248,7 @@ r_format_val(const char *format, int index, NODE *s)
 		}
 		s->flags = oflags;
 		s->stlen = r->stlen;
-		if ((s->flags & STRCUR) != 0)
+		if ((s->flags & (MALLOC|STRCUR)) == (MALLOC|STRCUR))
 			efree(s->stptr);
 		s->stptr = r->stptr;
 		freenode(r);	/* Do not unref(r)! We want to keep s->stptr == r->stpr.  */
@@ -273,7 +273,7 @@ r_format_val(const char *format, int index, NODE *s)
 			s->flags |= STRING;
 		}
 	}
-	if ((s->flags & STRCUR) != 0)
+	if ((s->flags & (MALLOC|STRCUR)) == (MALLOC|STRCUR))
 		efree(s->stptr);
 	emalloc(s->stptr, char *, s->stlen + 1, "format_val");
 	memcpy(s->stptr, sp, s->stlen + 1);
@@ -844,6 +844,7 @@ wstr2str(NODE *n)
 	}
 	*cp = '\0';
 
+	/* N.B. caller just created n with make_string, so this free is safe */
 	efree(n->stptr);
 	n->stptr = newval;
 	n->stlen = cp - newval;
author	Andrew J. Schorr <aschorr@telemetry-investments.com>	2017-01-26 14:29:00 -0500
committer	Andrew J. Schorr <aschorr@telemetry-investments.com>	2017-01-26 14:29:00 -0500
commit	baa3d88037962e5a0cd97ad048bb63f8efe2d789 (patch)
tree	e90617c2aea4d1d428b852aacb12f73212fa6f11
parent	a405df4fd26c1a1428fb3eb9d749c42295256634 (diff)
download	egawk-baa3d88037962e5a0cd97ad048bb63f8efe2d789.tar.gz egawk-baa3d88037962e5a0cd97ad048bb63f8efe2d789.tar.bz2 egawk-baa3d88037962e5a0cd97ad048bb63f8efe2d789.zip