From 51080737df84c3ef4f8c17fb004c93b7d7a2850a Mon Sep 17 00:00:00 2001 From: Eliseo Martínez Date: Mon, 10 Nov 2014 11:18:27 +0100 Subject: Fix warnings: hardcopy.c: mch_print_text_out(): Bad free: FP + RI. Problem : Bad free @ 3058. Diagnostic : False positive uncovering a real issue. Rationale : Signaled error occurs if p gets assigned `(char_u*)""` at line 3009 and then is freed at line 3058. But that cannot happen because of the last guard condition before `free` (`*p != NUL`). So, signaled error is a false positive. Now, examining this code more carefully reveals a real issue: not freeing an empty string may not be always correct, as an empty (but allocated) string could also be returned in `p = string_convert(&prt_conv, p, &len);` if passed '&len' points to 0). Which would in fact be a memory leak. Resolution : Remove the exceptional case. Make p always point to allocated memory, and always free it, when `prt_do_conv` is on. --- src/nvim/hardcopy.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/nvim/hardcopy.c b/src/nvim/hardcopy.c index c6354d6c5f..2ef35fdac6 100644 --- a/src/nvim/hardcopy.c +++ b/src/nvim/hardcopy.c @@ -3006,7 +3006,7 @@ int mch_print_text_out(char_u *p, int len) /* Convert from multi-byte to 8-bit encoding */ p = string_convert(&prt_conv, p, &len); if (p == NULL) - p = (char_u *)""; + p = (char_u *)xstrdup(""); } if (prt_out_mbyte) { @@ -3054,7 +3054,7 @@ int mch_print_text_out(char_u *p, int len) } /* Need to free any translated characters */ - if (prt_do_conv && (*p != NUL)) + if (prt_do_conv) free(p); prt_text_run += char_width; -- cgit
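Review bot: In the first hunk (@@ -3006), the NULL fallback swaps p for a one-byte allocation but does nothing to len, which was handed to string_convert by pointer just above. Nothing in the visible lines shows what len holds after a failed conversion; if it can still carry the input length, the output code that follows would read past the empty string. Suggest making the fallback self-consistent by bracing the branch and resetting the length there, for example `if (p == NULL) { p = (char_u *)xstrdup(""); len = 0; }`, or adding a comment stating that string_convert zeroes len on failure if that is the guarantee being relied on.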
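Review bot: In the second hunk (@@ -3054), `if (prt_do_conv) free(p);` is only correct if every path that reaches it with prt_do_conv set has already replaced p with heap memory, and the condition that guards the conversion block in the first hunk is outside the visible context. If that guard is anything narrower than prt_do_conv alone, this line now frees the caller's buffer. Suggest either confirming in the commit message that the two conditions are identical, or decoupling them: keep the converted string in a separate local pointer initialised to NULL (a hypothetical `tofree`, say), assign it only where the allocation happens, and free it unconditionally here. The comment "Need to free any translated characters" could then state the invariant, namely that p is always allocated when prt_do_conv is on.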