nano

nano with my custom patches
git clone git://bsandro.tech/nano

commit a5ef013e826bfd10d530dabbd961f9044b95b53f
parent 70da1889ee7e47d1a2915a9fc5441a1bdbea2b1d
Author: Brand Huntsman <alpha@qzx.com>
Date:   Wed, 27 Feb 2019 02:40:18 -0700

history: use an unfreed 'position_history' to avoid a possible crash

The reload_positions_if_needed() routine can free the existing
'position_history' and allocate a new one.  Using the old one,
from before the reload, could lead to a crash.

This fixes https://savannah.gnu.org/bugs/?55792.
Reported-by: Enrico Mioso <mrkiko.rs@gmail.com>

Bug existed since the reloading of the position-history file was
introduced, a year and a half ago, in commit bfc53f30.

Signed-off-by: Brand Huntsman <alpha@qzx.com>

Diffstat:
M src/history.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/history.c b/src/history.c @@ -591,7 +591,7 @@ void update_poshistory(char *filename, ssize_t lineno, ssize_t xpos) * set line and column to the retrieved values. */ bool has_old_position(const char *file, ssize_t *line, ssize_t *column) { - poshiststruct *posptr = position_history; + poshiststruct *posptr; char *fullpath = get_full_path(file); if (fullpath == NULL) @@ -599,6 +599,7 @@ bool has_old_position(const char *file, ssize_t *line, ssize_t *column) reload_positions_if_needed(); + posptr = position_history; while (posptr != NULL && strcmp(posptr->filename, fullpath) != 0) posptr = posptr->next;
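
Review bot: in the first hunk, `poshiststruct *posptr;` is now declared without an initializer and stays indeterminate across the `if (fullpath == NULL)` check. Nothing in the visible lines reads it before the later assignment, so the code is correct as written, but `poshiststruct *posptr = NULL;` would make a future edit that touches posptr before the reload fail predictably instead of dereferencing garbage.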
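
Review bot: in the second hunk, the placement of `posptr = position_history;` directly after `reload_positions_if_needed();` is what the fix depends on, yet the code carries no comment saying so. A one-line comment above the assignment, for example `/* Take the list head only after the reload, which may free and reallocate it. */`, would stop a later cleanup from hoisting the assignment back into the declaration. It is also worth confirming that no other function in src/history.c reads position_history into a local before calling reload_positions_if_needed(), since the same stale-pointer pattern would apply there.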