Fix bugs that Clang Static Analyzer pointed out:

- Double free - Use-after-free
author: Michihiro NAKAJIMA <ggcueroad@gmail.com> 2012-09-11 20:09:30 +0900
committer: Michihiro NAKAJIMA <ggcueroad@gmail.com> 2012-09-11 20:09:30 +0900
commit: 221f63f2f804134622d744dc0d58e84d19e990e4 (patch)
tree: 5f1f136eb66ab6c5940e52be8692487ac2017a79 /libarchive/archive_string.c
parent: 42090470db132f3938feb99ac35525f56e0b4edf (diff)
download: libarchive-221f63f2f804134622d744dc0d58e84d19e990e4.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/libarchive/archive_string.c b/libarchive/archive_string.c
index 870cf37d..d75966f3 100644
--- a/libarchive/archive_string.c
+++ b/libarchive/archive_string.c
@@ -306,6 +306,9 @@ archive_string_ensure(struct archive_string *as, size_t s)
 	/* Now we can reallocate the buffer. */
 	p = (char *)realloc(as->s, new_length);
 	if (p == NULL) {
+		/* Prevent the duble free of as->s in archive_string_free
+		 * since realloc function already freed the memory. */
+		as->s = NULL;
 		/* On failure, wipe the string and return NULL. */
 		archive_string_free(as);
 		errno = ENOMEM;/* Make sure errno has ENOMEM. */
@@ -1120,8 +1123,8 @@ create_sconv_object(const char *fc, const char *tc,
 	}
 	sc->to_charset = strdup(tc);
 	if (sc->to_charset == NULL) {
-		free(sc);
 		free(sc->from_charset);
+		free(sc);
 		return (NULL);
 	}
 	archive_string_init(&sc->utftmp);
author	Michihiro NAKAJIMA <ggcueroad@gmail.com>	2012-09-11 20:09:30 +0900
committer	Michihiro NAKAJIMA <ggcueroad@gmail.com>	2012-09-11 20:09:30 +0900
commit	221f63f2f804134622d744dc0d58e84d19e990e4 (patch)
tree	5f1f136eb66ab6c5940e52be8692487ac2017a79 /libarchive/archive_string.c
parent	42090470db132f3938feb99ac35525f56e0b4edf (diff)
download	libarchive-221f63f2f804134622d744dc0d58e84d19e990e4.tar.gz