partial_record() does a longjmp() to code near the top of
sys_file_casereader_read() that unrefs the case, but this code at the
end of sys_file_casereader_read() would have already unref'ed it once in
that case, resulting in a double-free.
---
src/data/sys-file-reader.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/data/sys-file-reader.c b/src/data/sys-file-reader.c
index c9c843d..aff21d6 100644
--- a/src/data/sys-file-reader.c
+++ b/src/data/sys-file-reader.c
@@ -1,5 +1,5 @@
/* PSPP - a program for statistical analysis.
- Copyright (C) 1997-9, 2000, 2006, 2007, 2009, 2010 Free Software
Foundation, Inc.
+ Copyright (C) 1997-9, 2000, 2006, 2007, 2009, 2010, 2011 Free Software
Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -1766,11 +1766,11 @@ sys_file_casereader_read (struct casereader *reader,
void *r_)
return c;
eof:
- case_unref (c);
if (i != 0)
partial_record (r);
if (r->case_cnt != -1)
read_error (reader, r);
+ case_unref (c);
return NULL;
}
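Review bot: The new ordering at `eof:` is only correct because partial_record() does not return, and nothing in the code says so, so a later cleanup could move `case_unref (c)` back up and reintroduce the double unref. I would add a comment above the `if (i != 0)` line, such as `/* partial_record() longjmps to the bail-out code, which unrefs C itself, so unref C here only on the paths that fall through. */`. If read_error() can also longjmp (not visible here), the trailing `case_unref (c)` is skipped on that path too and the same reasoning applies. Since the bail-out code reads `c` after a longjmp(), it is also worth confirming that `c` is declared volatile, because a non-volatile local modified after setjmp() has an indeterminate value there. The declaration and the setjmp() site are outside this hunk, so I cannot check that from here.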
--
1.7.1