I am looking at ostc_prepare_data function and do not fully understand the code. It looks like in successful case ldc_dat memory allocation is freed and we end up pointing to unallocated data in our data structures. However, the failure case ends up leaking memory.
Is the attached patch correct or am I missing something? (I have nothing to test the code with.) miika
From 86f2ab88163b61b664b83e586809d97f4f0845e7 Mon Sep 17 00:00:00 2001 From: Miika Turkia <[email protected]> Date: Wed, 9 Sep 2015 18:26:27 +0300 Subject: [PATCH] Fix memory corruption on ostc prepare data Memory should be freed only on failure. Signed-off-by: Miika Turkia <[email protected]> --- ostctools.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ostctools.c b/ostctools.c index a1727ce..c70b02d 100644 --- a/ostctools.c +++ b/ostctools.c @@ -53,9 +53,10 @@ static int ostc_prepare_data(int data_model, dc_family_t dc_fam, device_data_t * ldc_dat->vendor = copy_string(data_descriptor->vendor); ldc_dat->model = copy_string(data_descriptor->product); *dev_data = *ldc_dat; - } else + } else { + free(ldc_dat); return 0; - free(ldc_dat); + } return 1; } -- 2.1.4
_______________________________________________ subsurface mailing list [email protected] http://lists.subsurface-divelog.org/cgi-bin/mailman/listinfo/subsurface
