summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGravatar Berthold Stoeger <bstoeger@mail.tuwien.ac.at>2020-03-16 18:00:20 +0100
committerGravatar Dirk Hohndel <dirk@hohndel.org>2020-03-16 10:57:12 -0700
commit71f573da2aff3ace922605320fb576bf3d8117c7 (patch)
treee14ffbdb985f20b86f2c4fcd150b0ba3fbaba720
parent0a463aad362cbc4194cfda6a534acd59b8b7fd53 (diff)
downloadsubsurface-71f573da2aff3ace922605320fb576bf3d8117c7.tar.gz
git: return strdup()ed empty string on error in pop_cstring
The pop_cstring() function is used by the git parser to duplicate a quoted string. On error, it returns an empty string literal. Since the caller expects a copied string and takes ownership of that string, it will ultimately be freed. Concrete example: a log with erroneous cylinder data was opened getting such an empty string literal as description. On closing or syncing with the cloud, the dive is freed, leading to a free of the string literal -> crash. Return a copy of the empty string instead. Signed-off-by: Berthold Stoeger <bstoeger@mail.tuwien.ac.at>
-rw-r--r--core/load-git.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/core/load-git.c b/core/load-git.c
index 9d36e4e39..e99bc9af0 100644
--- a/core/load-git.c
+++ b/core/load-git.c
@@ -334,11 +334,11 @@ static char *pop_cstring(struct membuffer *str, const char *err)
if (!str) {
report_error("git-load: string marker without any strings ('%s')", err);
- return "";
+ return strdup("");
}
if (!str->len) {
report_error("git-load: string marker after running out of strings ('%s')", err);
- return "";
+ return strdup("");
}
len = strlen(mb_cstring(str)) + 1;
return remove_from_front(str, len);