commit 3eb89c44aa788c1b122e7967f4a7a9a3b98322e9
parent 172cdd98c3d34160d6b71991f419caef86c348ca
Author: Cág <ca6c@snopyta.org>
Date: Mon, 19 Oct 2020 16:41:01 -0400
ed: Fix double-free
After join() is called for the first time, s.str is left pointing
to a string that was just freed. Upon the second call to join(),
it is freed again at the start of the function.
Since the string is reset on every function call, there is no reason
for it to be static, so just replace the initial free with assignment
to NULL.
Diffstat:
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ed.c b/ed.c
@@ -839,9 +839,9 @@ join(void)
{
int i;
char *t, c;
- static String s;
+ String s;
- free(s.str);
+ s.str = NULL;
s.siz = s.cap = 0;
for (i = line1;; i = nextln(i)) {
for (t = gettxt(i); (c = *t) != '\n'; ++t)