From 6c6bee2ffb0711e86f310f5c592589a7164a0768 Mon Sep 17 00:00:00 2001
From: Mark Nudelman
Date: Mon, 23 Nov 2020 16:05:20 -0800
Subject: [PATCH] Fix crash when call set_ifilename with a pointer to the name that is already set in the ifile. In that case it was freeing the existing name and storing the new name, but when they are the same, that stored a pointer to a freed buffer.
---
 ifile.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/ifile.c b/ifile.c
index d0c3ed4..13ba9e6 100644
--- a/ifile.c
+++ b/ifile.c
@@ -115,6 +115,8 @@ new_ifile(filename, prev)
 p->h_opened = 0;
 p->h_hold = 0;
 p->h_filestate = NULL;
+ p->h_altfilename = NULL;
+ p->h_altpipe = NULL;
 link_ifile(p, prev);
 /*
 * {{ It's dodgy to call mark.c functions from here;
@@ -382,7 +384,7 @@ set_altfilename(ifile, altfilename)
 char *altfilename;
 {
 struct ifile *p = int_ifile(ifile);
- if (p->h_altfilename != NULL)
+ if (p->h_altfilename != NULL && p->h_altfilename != altfilename)
 free(p->h_altfilename);
 p->h_altfilename = altfilename;
 }
-- 
1.8.3.1
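Review bot: The two initialisers added to new_ifile() (`p->h_altfilename = NULL;` and `p->h_altpipe = NULL;`) have no comment and are not mentioned in the commit message, yet set_altfilename() depends on the first one: it calls free() on any non-NULL h_altfilename. If the allocation earlier in new_ifile() (outside this hunk) does not zero the struct, the field was previously indeterminate and that free() could be handed a garbage pointer. I would put a comment above them such as `/* Must start NULL: set_altfilename() frees any non-NULL h_altfilename. */` so a later field-by-field edit does not drop them. new_ifile()'s body starts and ends outside the hunk.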
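Review bot: set_altfilename() takes ownership of `altfilename` (it stores the pointer and frees it on the next call), but nothing at the definition documents that, and the new `p->h_altfilename != altfilename` test covers only the exact-same-pointer case. A caller that passes a pointer into the middle of the current buffer, or that frees its argument afterwards, would still leave h_altfilename dangling; whether any caller does so cannot be seen from this hunk. I would state the contract above the function, e.g. `/* Takes ownership of altfilename (malloc'd or NULL); the old name is freed unless it is the same pointer. */`. The function's definition begins above the hunk's first line.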