commit 3eb89c44aa788c1b122e7967f4a7a9a3b98322e9
Author: Cág <[email protected]>
AuthorDate: Mon Oct 19 16:41:01 2020 -0400
Commit: Michael Forney <[email protected]>
CommitDate: Mon Oct 19 14:50:47 2020 -0700

ed: Fix double-free

After join() is called for the first time, s.str is left pointing
to a string that was just freed. Upon the second call to join(),
it is freed again at the start of the function.

Since the string is reset on every function call, there is no reason
for it to be static, so just replace the initial free with assignment
to NULL.

diff --git a/ed.c b/ed.c
index 2ca4d6b..8a0604e 100644
--- a/ed.c
+++ b/ed.c
@@ -839,9 +839,9 @@ join(void)
{
int i;
char *t, c;
- static String s;
+ String s;
- free(s.str);
+ s.str = NULL;
s.siz = s.cap = 0;
for (i = line1;; i = nextln(i)) {
for (t = gettxt(i); (c = *t) != '\n'; ++t)
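
Review bot: With `String s;` now automatic in join(), nothing reclaims the buffer on a later call, so every way out of the function once the `for (i = line1;; i = nextln(i))` loop has started filling `s` must reach the free that the commit message refers to. Under the old `static String s;` with the leading `free(s.str);`, an exit that skipped that free was cleaned up on the next call; after this change it would leak instead. The exits are outside this hunk, so please confirm none of them bypasses the release, or keep the variable static and set `s.str = NULL` right after the existing free. As a smaller style point, the two assignments could be folded into the declaration as `String s = {0};`, which also zeroes any String members not listed here.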