|
 |
ad2f2b |
From 7076be534597dadba5c3b3bcfdd10a93333fbc43 Mon Sep 17 00:00:00 2001
|
|
|
ad2f2b |
From: Tomas Popela <tpopela@redhat.com>
|
|
|
ad2f2b |
Date: Fri, 12 Oct 2018 12:11:32 +0200
|
|
|
ad2f2b |
Subject: [PATCH 16/17] Fix possible double free
|
|
|
ad2f2b |
|
|
|
ad2f2b |
Error: CLANG_WARNING:
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:931:5: warning: Attempt to free released memory
|
|
|
ad2f2b |
g_free (query);
|
|
|
ad2f2b |
^
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:259:9: note: Assuming the condition is false
|
|
|
ad2f2b |
if (priv->doctype != YELP_URI_DOCUMENT_TYPE_UNRESOLVED)
|
|
|
ad2f2b |
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:259:5: note: Taking false branch
|
|
|
ad2f2b |
if (priv->doctype != YELP_URI_DOCUMENT_TYPE_UNRESOLVED)
|
|
|
ad2f2b |
^
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:262:9: note: Assuming the condition is false
|
|
|
ad2f2b |
if (priv->res_base)
|
|
|
ad2f2b |
^~~~~~~~~~~~~~
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:262:5: note: Taking false branch
|
|
|
ad2f2b |
if (priv->res_base)
|
|
|
ad2f2b |
^
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:266:5: note: Calling 'resolve_sync'
|
|
|
ad2f2b |
resolve_sync (uri);
|
|
|
ad2f2b |
^~~~~~~~~~~~~~~~~~
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:311:9: note: Assuming the condition is false
|
|
|
ad2f2b |
if (g_str_has_prefix (priv->res_arg, "ghelp:")
|
|
|
ad2f2b |
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:311:9: note: Left side of '||' is false
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:312:12: note: Assuming the condition is false
|
|
|
ad2f2b |
|| g_str_has_prefix (priv->res_arg, "gnome-help:")) {
|
|
|
ad2f2b |
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:311:5: note: Taking false branch
|
|
|
ad2f2b |
if (g_str_has_prefix (priv->res_arg, "ghelp:")
|
|
|
ad2f2b |
^
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:315:14: note: Assuming the condition is true
|
|
|
ad2f2b |
else if (g_str_has_prefix (priv->res_arg, "help:")) {
|
|
|
ad2f2b |
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:315:10: note: Taking true branch
|
|
|
ad2f2b |
else if (g_str_has_prefix (priv->res_arg, "help:")) {
|
|
|
ad2f2b |
^
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:316:9: note: Calling 'resolve_help_uri'
|
|
|
ad2f2b |
resolve_help_uri (uri);
|
|
|
ad2f2b |
^~~~~~~~~~~~~~~~~~~~~~
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:856:9: note: Assuming 'colon' is non-null
|
|
|
ad2f2b |
if (!colon) {
|
|
|
ad2f2b |
^~~~~~
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:856:5: note: Taking false branch
|
|
|
ad2f2b |
if (!colon) {
|
|
|
ad2f2b |
^
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:862:21: note: Assuming the condition is true
|
|
|
ad2f2b |
for (c = colon; *c != '\0'; c++) {
|
|
|
ad2f2b |
^~~~~~~~~~
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:862:5: note: Loop condition is true. Entering loop body
|
|
|
ad2f2b |
for (c = colon; *c != '\0'; c++) {
|
|
|
ad2f2b |
^
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:863:13: note: Assuming the condition is false
|
|
|
ad2f2b |
if (*c == '#' && hash == NULL)
|
|
|
ad2f2b |
^~~~~~~~~
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:863:23: note: Left side of '&&' is false
|
|
|
ad2f2b |
if (*c == '#' && hash == NULL)
|
|
|
ad2f2b |
^
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:865:18: note: Assuming the condition is false
|
|
|
ad2f2b |
else if (*c == '?' && query == NULL && hash == NULL)
|
|
|
ad2f2b |
^~~~~~~~~
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:865:28: note: Left side of '&&' is false
|
|
|
ad2f2b |
else if (*c == '?' && query == NULL && hash == NULL)
|
|
|
ad2f2b |
^
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:867:18: note: Assuming the condition is false
|
|
|
ad2f2b |
else if (*c == '/' && slash == NULL && query == NULL && hash == NULL)
|
|
|
ad2f2b |
^~~~~~~~~
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:867:28: note: Left side of '&&' is false
|
|
|
ad2f2b |
else if (*c == '/' && slash == NULL && query == NULL && hash == NULL)
|
|
|
ad2f2b |
^
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:862:21: note: Assuming the condition is true
|
|
|
ad2f2b |
for (c = colon; *c != '\0'; c++) {
|
|
|
ad2f2b |
^~~~~~~~~~
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:862:5: note: Loop condition is true. Entering loop body
|
|
|
ad2f2b |
for (c = colon; *c != '\0'; c++) {
|
|
|
ad2f2b |
^
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:863:13: note: Assuming the condition is false
|
|
|
ad2f2b |
if (*c == '#' && hash == NULL)
|
|
|
ad2f2b |
^~~~~~~~~
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:863:23: note: Left side of '&&' is false
|
|
|
ad2f2b |
if (*c == '#' && hash == NULL)
|
|
|
ad2f2b |
^
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:865:18: note: Assuming the condition is true
|
|
|
ad2f2b |
else if (*c == '?' && query == NULL && hash == NULL)
|
|
|
ad2f2b |
^~~~~~~~~
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:865:18: note: Left side of '&&' is true
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:865:18: note: Left side of '&&' is true
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:865:14: note: Taking true branch
|
|
|
ad2f2b |
else if (*c == '?' && query == NULL && hash == NULL)
|
|
|
ad2f2b |
^
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:862:21: note: Assuming the condition is true
|
|
|
ad2f2b |
for (c = colon; *c != '\0'; c++) {
|
|
|
ad2f2b |
^~~~~~~~~~
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:862:5: note: Loop condition is true. Entering loop body
|
|
|
ad2f2b |
for (c = colon; *c != '\0'; c++) {
|
|
|
ad2f2b |
^
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:863:13: note: Assuming the condition is true
|
|
|
ad2f2b |
if (*c == '#' && hash == NULL)
|
|
|
ad2f2b |
^~~~~~~~~
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:863:13: note: Left side of '&&' is true
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:863:9: note: Taking true branch
|
|
|
ad2f2b |
if (*c == '#' && hash == NULL)
|
|
|
ad2f2b |
^
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:862:21: note: Assuming the condition is false
|
|
|
ad2f2b |
for (c = colon; *c != '\0'; c++) {
|
|
|
ad2f2b |
^~~~~~~~~~
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:862:5: note: Loop condition is false. Execution continues on line 871
|
|
|
ad2f2b |
for (c = colon; *c != '\0'; c++) {
|
|
|
ad2f2b |
^
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:871:9: note: Left side of '||' is false
|
|
|
ad2f2b |
if (slash || query || hash)
|
|
|
ad2f2b |
^
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:871:24: note: Left side of '||' is true
|
|
|
ad2f2b |
if (slash || query || hash)
|
|
|
ad2f2b |
^
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:873:32: note: '?' condition is false
|
|
|
ad2f2b |
(slash ? slash : (query ? query : hash)) - colon - 1);
|
|
|
ad2f2b |
^
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:873:49: note: '?' condition is true
|
|
|
ad2f2b |
(slash ? slash : (query ? query : hash)) - colon - 1);
|
|
|
ad2f2b |
^
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:877:15: note: Left side of '&&' is false
|
|
|
ad2f2b |
if (slash && (query || hash))
|
|
|
ad2f2b |
^
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:880:10: note: Taking false branch
|
|
|
ad2f2b |
else if (slash)
|
|
|
ad2f2b |
^
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:883:9: note: Assuming 'query' is null
|
|
|
ad2f2b |
if (query && hash)
|
|
|
ad2f2b |
^~~~~
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:883:15: note: Left side of '&&' is false
|
|
|
ad2f2b |
if (query && hash)
|
|
|
ad2f2b |
^
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:886:14: note: Assuming 'query' is null
|
|
|
ad2f2b |
else if (query)
|
|
|
ad2f2b |
^~~~~
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:886:10: note: Taking false branch
|
|
|
ad2f2b |
else if (query)
|
|
|
ad2f2b |
^
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:889:9: note: Assuming 'query' is null
|
|
|
ad2f2b |
if (query) {
|
|
|
ad2f2b |
^~~~~
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:889:5: note: Taking false branch
|
|
|
ad2f2b |
if (query) {
|
|
|
ad2f2b |
^
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:907:9: note: Assuming 'hash' is null
|
|
|
ad2f2b |
if (hash)
|
|
|
ad2f2b |
^~~~
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:907:5: note: Taking false branch
|
|
|
ad2f2b |
if (hash)
|
|
|
ad2f2b |
^
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:910:22: note: '?' condition is false
|
|
|
ad2f2b |
priv->page_id = (slash ? slash : g_strdup ("index"));
|
|
|
ad2f2b |
^
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:913:9: note: Assuming 'hash' is non-null
|
|
|
ad2f2b |
if (hash)
|
|
|
ad2f2b |
^~~~
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:913:5: note: Taking true branch
|
|
|
ad2f2b |
if (hash)
|
|
|
ad2f2b |
^
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:915:9: note: Assuming the condition is true
|
|
|
ad2f2b |
if (priv->frag_id && g_str_has_prefix (priv->frag_id, "search=")) {
|
|
|
ad2f2b |
^~~~~~~~~~~~~
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:915:9: note: Left side of '&&' is true
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:915:26: note: Assuming the condition is true
|
|
|
ad2f2b |
if (priv->frag_id && g_str_has_prefix (priv->frag_id, "search=")) {
|
|
|
ad2f2b |
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:915:5: note: Taking true branch
|
|
|
ad2f2b |
if (priv->frag_id && g_str_has_prefix (priv->frag_id, "search=")) {
|
|
|
ad2f2b |
^
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:916:9: note: Memory is released
|
|
|
ad2f2b |
g_free (priv->frag_id);
|
|
|
ad2f2b |
^~~~~~~~~~~~~~~~~~~~~~
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:923:34: note: Assuming the condition is false
|
|
|
ad2f2b |
priv->page_id ? "/" : "",
|
|
|
ad2f2b |
^~~~~~~~~~~~~
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:923:34: note: '?' condition is false
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:924:34: note: '?' condition is false
|
|
|
ad2f2b |
priv->page_id ? priv->page_id : "",
|
|
|
ad2f2b |
^
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:925:34: note: Assuming 'query' is non-null
|
|
|
ad2f2b |
query ? "?" : "",
|
|
|
ad2f2b |
^~~~~
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:925:34: note: '?' condition is true
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:926:34: note: '?' condition is true
|
|
|
ad2f2b |
query ? query : "",
|
|
|
ad2f2b |
^
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:927:34: note: '?' condition is false
|
|
|
ad2f2b |
priv->frag_id ? "#" : "",
|
|
|
ad2f2b |
^
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:928:34: note: '?' condition is false
|
|
|
ad2f2b |
priv->frag_id ? priv->frag_id : "",
|
|
|
ad2f2b |
^
|
|
|
ad2f2b |
yelp-3.28.1/libyelp/yelp-uri.c:931:5: note: Attempt to free released memory
|
|
|
ad2f2b |
g_free (query);
|
|
|
ad2f2b |
^~~~~~~~~~~~~~
|
|
|
ad2f2b |
929| NULL);
|
|
|
ad2f2b |
930|
|
|
|
ad2f2b |
931|-> g_free (query);
|
|
|
ad2f2b |
932| g_free (document);
|
|
|
ad2f2b |
933| return;
|
|
|
ad2f2b |
---
|
|
|
ad2f2b |
libyelp/yelp-uri.c | 3 ++-
|
|
|
ad2f2b |
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
ad2f2b |
|
|
|
ad2f2b |
diff --git a/libyelp/yelp-uri.c b/libyelp/yelp-uri.c
|
|
|
ad2f2b |
index f20b167e..385cb837 100644
|
|
|
ad2f2b |
--- a/libyelp/yelp-uri.c
|
|
|
ad2f2b |
+++ b/libyelp/yelp-uri.c
|
|
|
ad2f2b |
@@ -928,7 +928,8 @@ resolve_help_uri (YelpUri *uri)
|
|
|
ad2f2b |
priv->frag_id ? priv->frag_id : "",
|
|
|
ad2f2b |
NULL);
|
|
|
ad2f2b |
|
|
|
ad2f2b |
- g_free (query);
|
|
|
ad2f2b |
+ if (query)
|
|
|
ad2f2b |
+ g_free (query);
|
|
|
ad2f2b |
g_free (document);
|
|
|
ad2f2b |
return;
|
|
|
ad2f2b |
}
|
|
|
ad2f2b |
--
|
|
|
ad2f2b |
2.19.1
|
|
|
ad2f2b |
|