From 5e0032551b52ad24b45b5b2521b0b3d176508527 Mon Sep 17 00:00:00 2001 From: Kalle Olavi Niemitalo Date: Sun, 19 Apr 2009 20:19:07 +0300 Subject: [PATCH] Fix out-of-memory crash in globhist If globhist_simple_search ran out of memory in stracpy(search_url), it could leave gh_last_searched_title pointing to freed memory and cause a crash in the next call. Fix by not freeing gh_last_searched_title. It is then possible to have gh_last_searched_title and gh_last_searched_url pointing to strings from different searches; but that was already possible if stracpy(search_title) failed. Because this bug occurs only in out-of-memory situations and I don't think ELinks in general has been properly tested in those, the fix is perhaps not worth mentioning in NEWS and backporting to elinks-0.11. --- src/globhist/globhist.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/src/globhist/globhist.c b/src/globhist/globhist.c index 85b4da342..ecb7c901d 100644 --- a/src/globhist/globhist.c +++ b/src/globhist/globhist.c @@ -301,10 +301,7 @@ globhist_simple_search(unsigned char *search_url, unsigned char *search_title) /* Memorize last searched url */ mem_free_set(&gh_last_searched_url, stracpy(search_url)); - if (!gh_last_searched_url) { - mem_free(gh_last_searched_title); - return 0; - } + if (!gh_last_searched_url) return 0; if (!*search_title && !*search_url) { /* No search terms, make all entries visible. */
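Review bot: At the new `if (!gh_last_searched_url) return 0;` line, the failure path leaves gh_last_searched_url NULL while gh_last_searched_title keeps whatever it held before, and nothing in the code says that this is intentional. The commit message accepts that the two cached strings can then come from different searches, but a reader of globhist.c will not see that reasoning. Suggest a short comment at the early return stating that the title is deliberately kept. Alternatively, reset it with `mem_free_set(&gh_last_searched_title, NULL)`, which also avoids the dangling pointer that the removed `mem_free(gh_last_searched_title)` left behind, provided the code that later reads gh_last_searched_title tolerates NULL. The same call already has to tolerate a NULL result from stracpy for the URL, so the helper itself accepts it.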