#6 bt_split_name with invalid name bad memory fix

open
None
5
2004-11-06
2004-03-01
No

the problem: calling bt_split_name with a name of ",,,,"
confuses things.

find_tokens returns the incorrect number of tokens (should be
zero, based on what we put into the tokens->items array)

also, bt_split_names seems to assume that the malloc call
returns zeroed structures, which doesn't seem to be the case
on Mac OS X, so we have to explicitly set split_name->tokens
to NULL when we return without finding any tokens.

It gets through parsing OK, but if you try to call bt_free_name
on the returned bt_name, you end up freeing memory you
didn't malloc.

here's a patch for names.c that does what I describe above:

445a446
> num_tok--;
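Review bot: the `num_tok--;` added at line 446 is shown with no condition around it, so from this hunk alone it cannot be confirmed that the decrement only runs when the count is one too high. Please check that it is reached only on the overcount path and that num_tok cannot drop below zero, since a negative or short count would be used as a bound on the tokens->items array. A unified diff with context lines would make this reviewable.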
807a809
> split_name->tokens = NULL;
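Review bot: setting only `split_name->tokens = NULL;` at line 809 clears one member, but the report says the code relies on malloc returning a zeroed structure, which it does not guarantee. Any other pointer member of split_name that bt_free_name inspects would still hold indeterminate values on this return path. Consider zero-initializing the whole structure where it is allocated (calloc, or memset right after malloc) rather than patching a single field.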
857a860
> split_name->tokens = NULL;
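Review bot: the assignment at line 860 repeats the one at 809, so each no-token return has to remember it separately and a later early return could miss it. Initializing tokens to NULL once, immediately after split_name is allocated, would cover both paths and any added later. A regression test that calls bt_split_name on ",,,," and then bt_free_name on the result would keep the invalid free from returning.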

Discussion

  • Michael McCracken

    Logged In: YES
    user_id=506615

    I should be clearer - the first change (num_tok--) avoids a crash
    when calling find_lc_tokens, and the other two avoid the problem I
    described above with freeing invalid memory.

     
  • Greg Ward

    Greg Ward - 2004-11-06
    • assigned_to: nobody --> gward
     
