Hi, attached you can find a patch which fixes a double free() in wget when accessing a URL which uses IDN and redirects.
-- Best regards, Michael
>From 95731736daa93e8d7e24fff7a50dbbdf7a6c45c9 Mon Sep 17 00:00:00 2001 From: Michael Stapelberg <[email protected]> Date: Sat, 8 Dec 2012 15:49:05 +0100 Subject: [PATCH] Bugfix: Avoid double free of iri->orig_url MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When accessing a URL using IDN which directly redirects to another page, wget would xfree_null(iri->orig_url); in src/retr.c:retrieve_url() first, then later xfree_null(iri->orig_url); in src/iri.c:iri_free() again. This can be tested with wget -O /dev/null http://μφ.net --- src/retr.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/retr.c b/src/retr.c index 32dc41e..1f1c298 100644 --- a/src/retr.c +++ b/src/retr.c @@ -838,6 +838,8 @@ retrieve_url (struct url * orig_parsed, const char *origurl, char **file, iri->utf8_encode = opt.enable_iri; set_content_encoding (iri, NULL); xfree_null (iri->orig_url); + /* Set orig_url to NULL to avoid double free in iri_free() */ + iri->orig_url = NULL; /* Now, see if this new location makes sense. */ newloc_parsed = url_parse (mynewloc, &up_error_code, iri, true); -- 1.7.10.4
