diff options
| author |   pelikan <pelikan@openbsd.org> | 2013-11-26 17:48:01 +0000 |
|---|---|---|
| committer | pelikan <pelikan@openbsd.org> | 2013-11-26 17:48:01 +0000 |
| commit | 4a8138252cb650a33d9f5e30ca8a5ff9a5942865 (patch) | |
| tree | afd3627a0dd0ded70dedb66d4a47a4dc78f77613 | |
| parent | Tweak a tortuous manual loop into a TAILQ_FOREACH(). (diff) | |
| download | wireguard-openbsd-4a8138252cb650a33d9f5e30ca8a5ff9a5942865.tar.xz wireguard-openbsd-4a8138252cb650a33d9f5e30ca8a5ff9a5942865.zip | |
fix a possible double-free/NULL deref in msg_print
While there, initialize some variables on unusual paths.
Found by clang static analyzer, ok krw.
| -rw-r--r-- | usr.bin/vi/common/msg.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/usr.bin/vi/common/msg.c b/usr.bin/vi/common/msg.c index d11c9b98235..3466c710526 100644 --- a/usr.bin/vi/common/msg.c +++ b/usr.bin/vi/common/msg.c @@ -1,4 +1,4 @@ -/* $OpenBSD: msg.c,v 1.18 2009/10/27 23:59:47 deraadt Exp $ */ +/* $OpenBSD: msg.c,v 1.19 2013/11/26 17:48:01 pelikan Exp $ */ /*- * Copyright (c) 1991, 1993, 1994 @@ -160,8 +160,10 @@ retry: FREE_SPACE(sp, bp, blen); } /* If nothing to format, we're done. */ - if (fmt == NULL) + if (fmt == NULL) { + len = 0; goto nofmt; + } fmt = msg_cat(sp, fmt, NULL); #ifndef NL_ARGMAX @@ -516,7 +518,7 @@ msgq_status(sp, lno, flags) ep = bp + blen; /* Copy in the filename. */ - for (p = bp, t = sp->frp->name; *t != '\0'; ++t) { + for (t = sp->frp->name; *t != '\0'; ++t) { len = KEY_LEN(sp, *t); memcpy(p, KEY_NAME(sp, *t), len); p += len; @@ -861,12 +863,13 @@ retry: if (sp == NULL) free(bp); else FREE_SPACE(sp, bp, blen); - needfree = 0; + *needfree = 0; } nlen += 256; if (sp == NULL) { if ((bp = malloc(nlen)) == NULL) goto alloc_err; + blen = 0; } else GET_SPACE_GOTO(sp, bp, blen, nlen); if (0) { |