From 706a9a03bb0a745a1f2db1ed632542a2d2af6021 Mon Sep 17 00:00:00 2001 From: Denys Vlasenko Date: Tue, 25 Sep 2018 12:50:54 +0200 Subject: [PATCH] sed: fix double-free in FEATURE_CLEAN_UP code Signed-off-by: Denys Vlasenko --- editors/sed.c | 29 +++++++++++++++++------------ 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/editors/sed.c b/editors/sed.c index 470220859..1054c1302 100644 --- a/editors/sed.c +++ b/editors/sed.c @@ -180,18 +180,23 @@ static void sed_free_and_close_stuff(void) if (sed_cmd->sw_file) fclose(sed_cmd->sw_file); - if (sed_cmd->beg_match) { - regfree(sed_cmd->beg_match); - free(sed_cmd->beg_match); - } - if (sed_cmd->end_match) { - regfree(sed_cmd->end_match); - free(sed_cmd->end_match); - } - if (sed_cmd->sub_match) { - regfree(sed_cmd->sub_match); - free(sed_cmd->sub_match); - } + /* Used to free regexps, but now there is code + * in get_address() which can reuse a regexp + * for constructs as /regexp/cmd1;//cmd2 + * leading to double-frees here: + */ + //if (sed_cmd->beg_match) { + // regfree(sed_cmd->beg_match); + // free(sed_cmd->beg_match); + //} + //if (sed_cmd->end_match) { + // regfree(sed_cmd->end_match); + // free(sed_cmd->end_match); + //} + //if (sed_cmd->sub_match) { + // regfree(sed_cmd->sub_match); + // free(sed_cmd->sub_match); + //} free(sed_cmd->string); free(sed_cmd); sed_cmd = sed_cmd_next; -- 2.25.1