From bc36813349178c805b670c03130042caaae0a845 Mon Sep 17 00:00:00 2001 From: Benno Schulenberg Date: Mon, 11 Jan 2021 19:36:34 +0100 Subject: [PATCH] memory: avoid leaking the speller or linter command string, when invoked This fixes https://savannah.gnu.org/bugs/?59854. Reported-by: Mike Frysinger Bug existed probably since version 2.9.6, commit 94347f08. --- src/text.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/text.c b/src/text.c index 03df07e5..1239a2e3 100644 --- a/src/text.c +++ b/src/text.c @@ -2142,13 +2142,17 @@ void treat(char *tempfile_name, char *theprogram, bool spelling) if (thepid < 0) { statusline(ALERT, _("Could not fork: %s"), strerror(errornumber)); + free(arguments[0]); return; } else if (!WIFEXITED(program_status) || WEXITSTATUS(program_status) > 2) { statusline(ALERT, _("Error invoking '%s'"), arguments[0]); + free(arguments[0]); return; } else if (WEXITSTATUS(program_status) != 0) statusline(ALERT, _("Program '%s' complained"), arguments[0]); + free(arguments[0]); + /* When the temporary file wasn't touched, say so and leave. */ if (timestamp_sec > 0 && stat(tempfile_name, &fileinfo) == 0 && (long)fileinfo.st_mtim.tv_sec == timestamp_sec && @@ -2561,7 +2565,6 @@ void do_linter(void) int lint_status, lint_fd[2]; pid_t pid_lint; bool helpless = ISSET(NO_HELP); - static char **lintargs = NULL; lintstruct *lints = NULL, *tmplint = NULL, *curlint = NULL; time_t last_wait = 0; @@ -2600,10 +2603,10 @@ void do_linter(void) currmenu = MLINTER; statusbar(_("Invoking linter...")); - construct_argument_list(&lintargs, openfile->syntax->linter, openfile->filename); - /* Fork a process to run the linter in. */ if ((pid_lint = fork()) == 0) { + char **lintargs = NULL; + /* Redirect standard output and standard error into the pipe. */ if (dup2(lint_fd[1], STDOUT_FILENO) < 0) exit(7); @@ -2613,6 +2616,8 @@ void do_linter(void) close(lint_fd[0]); close(lint_fd[1]); + construct_argument_list(&lintargs, openfile->syntax->linter, openfile->filename); + /* Start the linter program; we are using $PATH. */ execvp(lintargs[0], lintargs);