From 3eb89c44aa788c1b122e7967f4a7a9a3b98322e9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A1g?=
Date: Mon, 19 Oct 2020 16:41:01 -0400
Subject: [PATCH] ed: Fix double-free

After join() is called for the first time, s.str is left pointing to a string that was just freed. Upon the second call to join(), it is freed again at the start of the function. Since the string is reset on every function call, there is no reason for it to be static, so just replace the initial free with assignment to NULL.
---
 ed.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ed.c b/ed.c
index 2ca4d6b..8a0604e 100644
--- a/ed.c
+++ b/ed.c
@@ -839,9 +839,9 @@ join(void)
 {
 	int i;
 	char *t, c;
-	static String s;
+	String s;
 
-	free(s.str);
+	s.str = NULL;
 	s.siz = s.cap = 0;
 	for (i = line1;; i = nextln(i)) {
 		for (t = gettxt(i); (c = *t) != '\n'; ++t)
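Review bot: Making `s` automatic at `String s;` shifts the ownership of the buffer behind `s.str` entirely onto the tail of join(): the static version effectively reclaimed the previous call's buffer at the next entry, so any path that leaves join() between the first append and the final free (an early return on an allocation failure, for instance) would now leak where it was previously covered. The rest of join(), including the free the commit message refers to, lies outside this hunk, so this is worth checking against the end of the function rather than taken as given. As a point of style, the three set-up lines `String s;`, `s.str = NULL;` and `s.siz = s.cap = 0;` can collapse to `String s = {0};`, which zeroes every field in one statement and cannot drift out of sync if String later gains a member.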