[PATCH 3/4] ed: fix double free and infinite loop in join().

From: Thomas Mannay <audiobarrier_AT_openmailbox.org>
Date: Thu, 6 Oct 2016 10:50:06 +0000

---
 ed.c | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/ed.c b/ed.c
index 651ed4e..56c58e3 100644
--- a/ed.c
+++ b/ed.c
_AT_@ -805,22 +805,22 @@ static void
 join(void)
 {
 	int i;
-        char *t, c;
-        size_t len = 0, cap = 0;
-        static char *s;
-
-        free(s);
-        for (s = NULL, i = line1; i <= line2; i = nextln(i)) {
-                for (t = gettxt(i); (c = *t) != '\n'; ++t)
-                        s = addchar(*t, s, &cap, &len);
-        }
-
-        s = addchar('\n', s, &cap, &len);
-        s = addchar('\0', s, &cap, &len);
-        delete(line1, line2);
-        inject(s);
-        free(s);
+	char *t, c;
+	size_t len = 0, cap = 0;
+	char *s;
+
+	for (s = NULL, i = line1;; i = nextln(i)) {
+		for (t = gettxt(i); (c = *t) != '\n'; ++t)
+			s = addchar(*t, s, &cap, &len);
+		if (i == line2)
+			break;
+	}
 
+	s = addchar('\n', s, &cap, &len);
+	s = addchar('\0', s, &cap, &len);
+	delete(line1, line2);
+	inject(s, 1);
+	free(s);
 }
 
 static void
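Review bot: The rewritten outer loop in join() exits only at `if (i == line2) break;`, so it depends on line2 being reachable from line1 through nextln(). If a caller can pass a range where that does not hold, the loop may never terminate and `s` keeps growing. A comment before the loop such as `/* caller guarantees line1 <= line2 and both are valid line numbers */`, or an explicit check, would make that contract visible. The inner scan `(c = *t) != '\n'` also stops only at a newline, so it trusts gettxt(i) to return a non-NULL, newline-terminated buffer; gettxt is not shown in this hunk, so that is worth confirming. `c` is assigned but never read and can be dropped: `for (t = gettxt(i); *t != '\n'; ++t)`.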
-- 
2.10.0