Fix memory corruption / use-after-free when setting up language.
Basically this method seems intended to change the char * in the caller, but instead changes only its local copy, which is especially bad because it frees the original memory first. This leads to crashing or other bugs.
Fix this by passing a char ** and accessing it indirectly.
In that case, this is an intended behavior: the function should modify the contents of the original variable, as it is a pointer, not a local copy.
Without the patch it modifies a copy, not the original; that's the bug.
Look at the code paths exiting that function (lines modified by this patch) that do...
This allocates a string and stores the pointer to it in the function-local char *test, which is immediately leaked, and does not modify or write to the address of the original. The original still points at what it did previously, memory which has now been freed.
To store the char * of the new string (returned from strdup) into the original variable (in the caller of this function) you should have a pointer to the original variable (char **), which is what this patch fixes. To update the original you need to pass its address so it can be updated, hence the '&'. This is a real bug, and needed to be fixed to avoid crashing on every launch when packaging. Please look again?
Ok, I have understood now. I'll apply the patch in next release, 3.14. Thank you very much!
I had tested that function a lot and it was working even with a pointer copy: strangely, the original pointer got modified by the local assignments (g_free, g_strdup, etc.). But I understand that this is not the expected behavior, so I have fixed it according to your remark.