From a5ef013e826bfd10d530dabbd961f9044b95b53f Mon Sep 17 00:00:00 2001
From: Brand Huntsman
Date: Wed, 27 Feb 2019 02:40:18 -0700
Subject: [PATCH] history: use an unfreed 'position_history' to avoid a possible crash
The reload_positions_if_needed() routine can free the existing 'position_history' and allocate a new one. Using the old one, from before the reload, could lead to a crash. This fixes https://savannah.gnu.org/bugs/?55792.
Reported-by: Enrico Mioso
Bug existed since the reloading of the position-history file was introduced, a year and a half ago, in commit bfc53f30.
Signed-off-by: Brand Huntsman
---
src/history.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/history.c b/src/history.c
index a7fa10c3..783d4364 100644
--- a/src/history.c
+++ b/src/history.c
@@ -591,7 +591,7 @@ void update_poshistory(char *filename, ssize_t lineno, ssize_t xpos)
 * set line and column to the retrieved values. */
 bool has_old_position(const char *file, ssize_t *line, ssize_t *column)
 {
- poshiststruct *posptr = position_history;
+ poshiststruct *posptr;
 char *fullpath = get_full_path(file);
 if (fullpath == NULL)
@@ -599,6 +599,7 @@ bool has_old_position(const char *file, ssize_t *line, ssize_t *column)
 reload_positions_if_needed();
+ posptr = position_history;
 while (posptr != NULL && strcmp(posptr->filename, fullpath) != 0)
 posptr = posptr->next;
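Review bot: The added `posptr = position_history;` in the second hunk is correct only because it now follows `reload_positions_if_needed()`, and nothing in the code records that ordering constraint, so a later cleanup that hoists the read back to the declaration would silently reintroduce the use-after-free this commit fixes. I would put a comment directly above the assignment: `/* Read the list head only after the reload: reload_positions_if_needed() may free and rebuild position_history. */`. Any other function that caches `position_history` in a local and then (directly or indirectly) calls `reload_positions_if_needed()` presumably carries the same hazard and is worth a quick audit, which the hunk itself cannot show. A more robust shape, if the project is open to it, would have `reload_positions_if_needed()` return the current list head so the dependency is carried by data flow rather than by statement order. The remainder of `has_old_position()` after the `while` loop lies outside the hunk.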