diff options
| author | Eliseo Martínez <eliseomarmol@gmail.com> | 2014-11-10 11:18:27 +0100 |
|---|---|---|
| committer | Eliseo Martínez <eliseomarmol@gmail.com> | 2014-11-11 01:43:13 +0100 |
| commit | 51080737df84c3ef4f8c17fb004c93b7d7a2850a (patch) | |
| tree | 11091b6c5be4b6a14b7a7e50b8fdf66bddc5fb0e | |
| parent | 6d057a2ca53f295f2db9a89b924f904128e4ce34 (diff) | |
| download | rneovim-51080737df84c3ef4f8c17fb004c93b7d7a2850a.tar.gz rneovim-51080737df84c3ef4f8c17fb004c93b7d7a2850a.tar.bz2 rneovim-51080737df84c3ef4f8c17fb004c93b7d7a2850a.zip | |
Fix warnings: hardcopy.c: mch_print_text_out(): Bad free: FP + RI.
Problem : Bad free @ 3058.
Diagnostic : False positive uncovering a real issue.
Rationale : Signaled error occurs if p gets assigned `(char_u*)""` at
line 3009 and then is freed at line 3058. But that cannot
happen because of the last guard condition before `free`
(`*p != NUL`). So, signaled error is a false positive.
Now, examining this code more carefully reveals a real
issue: not freeing an empty string may not be always
correct, as an empty (but allocated) string could also be
returned in `p = string_convert(&prt_conv, p, &len);` if
passed '&len' points to 0). Which would in fact be a memory
leak.
Resolution : Remove the exceptional case. Make p always point to
allocated memory, and always free it, when `prt_do_conv` is
on.
| -rw-r--r-- | src/nvim/hardcopy.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/nvim/hardcopy.c b/src/nvim/hardcopy.c index c6354d6c5f..2ef35fdac6 100644 --- a/src/nvim/hardcopy.c +++ b/src/nvim/hardcopy.c @@ -3006,7 +3006,7 @@ int mch_print_text_out(char_u *p, int len) /* Convert from multi-byte to 8-bit encoding */ p = string_convert(&prt_conv, p, &len); if (p == NULL) - p = (char_u *)""; + p = (char_u *)xstrdup(""); } if (prt_out_mbyte) { @@ -3054,7 +3054,7 @@ int mch_print_text_out(char_u *p, int len) } /* Need to free any translated characters */ - if (prt_do_conv && (*p != NUL)) + if (prt_do_conv) free(p); prt_text_run += char_width; |