commit aacfa18b79f459b8419f424079d50fc5bc263791
Author:     Roberto E. Vargas Caballero <k...@shike2.com>
AuthorDate: Wed Nov 29 15:47:51 2023 +0100
Commit:     k0ga <Roberto E. Vargas Caballero k...@shike2.com>
CommitDate: Thu Dec 28 17:02:19 2023 +0100

    ed: Avoid dangling pointer in getrhs()
    
    If the string r.str is freed and error() is then called, the
    next call will see a pointer that it may try to free, because
    the call to error() unwinds the frame stack.

diff --git a/ed.c b/ed.c
index 63f46c3..a5eea16 100644
--- a/ed.c
+++ b/ed.c
@@ -1102,9 +1102,9 @@ getrhs(int delim)
        }
 
        if (!strcmp("%", s.str)) {
-               free(s.str);
                if (!rhs)
                        error("no previous substitution");
+               free(s.str);
        } else {
                free(rhs);
                rhs = s.str;
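Review bot: After the relocated `free(s.str);` in the `%` branch, `s.str` still holds the freed address, and in the `else` branch it aliases `rhs` after `rhs = s.str;`; nothing inside the hunk clears it. The commit message implies `s` survives across calls to getrhs(), so unless the code after the hunk already resets it, a later `free(s.str)` or `free(rhs)` would act on memory that is stale or owned elsewhere. Setting `s.str = NULL;` right after the free, and after the ownership transfer to `rhs`, would make both paths safe. A short comment above the `error()` call, such as `/* error() does not return here, so s.str must still be valid for the next call */`, would stop the free from being moved back. getrhs() starts and ends outside the hunk, so the declaration of `s` and any later reset are not visible here.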
