zhangyiss/editline
1
0
Fork 0
mirror of https://github.com/troglobit/editline.git synced 2025-06-24 00:01:12 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix possible out-of-bounds call to free()
Some checks failed
Coverity Scan / coverity (push) Has been cancelled
Details
Bob the Builder / ${{ matrix.compiler }} (clang) (push) Has been cancelled
Details
Bob the Builder / ${{ matrix.compiler }} (gcc) (push) Has been cancelled
Details

Browse Source 
The rl_filename_completion_function() may theoretically step out of
bounds and call free on random pointers.  Found by Coverity Scan.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
This commit is contained in:
Joachim Wiberg 2025-05-24 14:40:38 +02:00
parent 127d995855
commit f735e4d1d5
No known key found for this signature in database
GPG Key ID: ECA826A37B6C7409
1 changed files with 13 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/complete.c
View File

@ -273,13 +273,21 @@ char *rl_filename_completion_function(const char *text, int state)
} }
} }
do { while (i > 0)
free(av[--i]); free(av[--i]);
} while (i > 0);
free(av); if (av) {
free(dir); free(av);
free(file); av = NULL;
}
if (dir) {
free(dir);
dir = NULL;
}
if (file) {
free(file);
file = NULL;
}
return NULL; return NULL;
} }