Thanks for your patch! I have added a ChangeLog entry and pushed it. Cheers, Giuseppe
Michael Stapelberg <[email protected]> writes: > Hi, > > attached you can find a patch which fixes a double free() in wget when > accessing a URL which uses IDN and redirects. > > -- > Best regards, > Michael > > From 95731736daa93e8d7e24fff7a50dbbdf7a6c45c9 Mon Sep 17 00:00:00 2001 > From: Michael Stapelberg <[email protected]> > Date: Sat, 8 Dec 2012 15:49:05 +0100 > Subject: [PATCH] Bugfix: Avoid double free of iri->orig_url > MIME-Version: 1.0 > Content-Type: text/plain; charset=UTF-8 > Content-Transfer-Encoding: 8bit > > When accessing a URL using IDN which directly redirects to another page, > wget would xfree_null(iri->orig_url); in src/retr.c:retrieve_url() > first, then later xfree_null(iri->orig_url); in src/iri.c:iri_free() > again. > > This can be tested with wget -O /dev/null http://μφ.net > --- > src/retr.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/src/retr.c b/src/retr.c > index 32dc41e..1f1c298 100644 > --- a/src/retr.c > +++ b/src/retr.c > @@ -838,6 +838,8 @@ retrieve_url (struct url * orig_parsed, const char > *origurl, char **file, > iri->utf8_encode = opt.enable_iri; > set_content_encoding (iri, NULL); > xfree_null (iri->orig_url); > + /* Set orig_url to NULL to avoid double free in iri_free() */ > + iri->orig_url = NULL; > > /* Now, see if this new location makes sense. */ > newloc_parsed = url_parse (mynewloc, &up_error_code, iri, true);
