1
0
mirror of https://github.com/irssi/irssi.git synced 2024-12-04 14:46:39 -05:00

Use-after-frees

Hi folks!

I tried clang-static-analyzer on irssi 1.1.1, it seems like it
finds some things. Here's a diff, but there might be more that you would
want to check, or choose to work differently.

(in special-vars.c, ret is commands->data sometime)

I hope it's not too much trouble if reported as a confidential bug.
Thanks.
This commit is contained in:
coypu@sdf.org 2018-08-11 22:28:14 +00:00 committed by ailin-nemui
parent 19d84bc16e
commit 610ab2dafa
5 changed files with 8 additions and 5 deletions

View File

@ -289,8 +289,9 @@ void modules_deinit(void)
while (list != NULL) { while (list != NULL) {
module_uniq_destroy(list->data); module_uniq_destroy(list->data);
g_free(list->data); gconstpointer tmp = list->data;
list = g_slist_remove(list, list->data); list = g_slist_remove(list, list->data);
g_free(tmp);
} }
g_hash_table_destroy(idlookup); g_hash_table_destroy(idlookup);

View File

@ -64,9 +64,10 @@ static void rawlog_add(RAWLOG_REC *rawlog, char *str)
if (rawlog->nlines < rawlog_lines || rawlog_lines <= 2) if (rawlog->nlines < rawlog_lines || rawlog_lines <= 2)
rawlog->nlines++; rawlog->nlines++;
else { else {
g_free(rawlog->lines->data); gconstpointer tmp = rawlog->lines->data;
rawlog->lines = g_slist_remove(rawlog->lines, rawlog->lines = g_slist_remove(rawlog->lines,
rawlog->lines->data); rawlog->lines->data);
g_free(tmp);
} }
if (rawlog->logging) { if (rawlog->logging) {

View File

@ -620,8 +620,8 @@ void eval_special_string(const char *cmd, const char *data,
/* FIXME: window item would need reference counting as well, /* FIXME: window item would need reference counting as well,
eg. "/EVAL win close;say hello" wouldn't work now.. */ eg. "/EVAL win close;say hello" wouldn't work now.. */
g_free(ret);
commands = g_slist_remove(commands, commands->data); commands = g_slist_remove(commands, commands->data);
g_free(ret);
} }
g_free(orig); g_free(orig);
} }

View File

@ -1424,8 +1424,9 @@ void themes_reload(void)
change_theme(settings_get_str("theme"), FALSE); change_theme(settings_get_str("theme"), FALSE);
while (refs != NULL) { while (refs != NULL) {
theme_unref(refs->data); gconstpointer tmp = refs->data;
refs = g_slist_remove(refs, refs->data); refs = g_slist_remove(refs, refs->data);
theme_unref(tmp);
} }
} }

View File

@ -57,8 +57,8 @@ void dcc_unregister_type(const char *type)
pos = gslist_find_string(dcc_types, type); pos = gslist_find_string(dcc_types, type);
if (pos != NULL) { if (pos != NULL) {
g_free(pos->data);
dcc_types = g_slist_remove(dcc_types, pos->data); dcc_types = g_slist_remove(dcc_types, pos->data);
g_free(pos->data);
} }
} }