diff -up openslp-2.0.0/slpd/slpd_predicate.c.orig openslp-2.0.0/slpd/slpd_predicate.c
--- openslp-2.0.0/slpd/slpd_predicate.c.orig 2012-12-11 00:31:53.000000000 +0100
+++ openslp-2.0.0/slpd/slpd_predicate.c 2015-01-14 13:17:45.115104003 +0100
@@ -1425,6 +1425,8 @@ void freePredicateParseTree(SLPDPredicat
break;
}
pNextNode = pNode->next;
+ xfree(pNode->nodeBody.comparison.tag_str);
+ xfree(pNode->nodeBody.comparison.value_str);
xfree(pNode);
pNode = pNextNode;
}
@@ -1643,26 +1645,28 @@ SLPDPredicateParseResult createPredicate
rhs = val_start;
/***** Create leaf node. *****/
- *ppNode = (SLPDPredicateTreeNode *)xmalloc(sizeof (SLPDPredicateTreeNode) + lhs_len + rhs_len);
+ *ppNode = (SLPDPredicateTreeNode *)xmalloc(sizeof (SLPDPredicateTreeNode));
if (!(*ppNode))
return PREDICATE_PARSE_INTERNAL_ERROR;
+ (*ppNode)->nodeBody.comparison.tag_str = (char *)xmalloc((lhs_len+1) * sizeof(char));
+ if (!((*ppNode)->nodeBody.comparison.tag_str))
+ return PREDICATE_PARSE_INTERNAL_ERROR;
+
+ (*ppNode)->nodeBody.comparison.value_str = (char *)xmalloc((rhs_len+1) * sizeof(char));
+ if (!((*ppNode)->nodeBody.comparison.value_str))
+ return PREDICATE_PARSE_INTERNAL_ERROR;
+
(*ppNode)->nodeType = op;
(*ppNode)->next = (SLPDPredicateTreeNode *)0;
- /* Finished with "operator" now - just use as temporary pointer to assist with copying the
- * attribute name (lhs) and required value (rhs) into the node
- */
- operator = (*ppNode)->nodeBody.comparison.storage;
- strncpy(operator, lhs, lhs_len);
- operator[lhs_len] = '\0';
(*ppNode)->nodeBody.comparison.tag_len = lhs_len;
- (*ppNode)->nodeBody.comparison.tag_str = operator;
- operator += lhs_len + 1;
- strncpy(operator, rhs, rhs_len);
- operator[rhs_len] = '\0';
+ strncpy((*ppNode)->nodeBody.comparison.tag_str, lhs, lhs_len);
+ (*ppNode)->nodeBody.comparison.tag_str[lhs_len] = '\0';
+
(*ppNode)->nodeBody.comparison.value_len = rhs_len;
- (*ppNode)->nodeBody.comparison.value_str = operator;
+ strncpy((*ppNode)->nodeBody.comparison.value_str, rhs, rhs_len);
+ (*ppNode)->nodeBody.comparison.value_str[rhs_len] = '\0';
return PREDICATE_PARSE_OK;
}