[PATCH 1/1] ui-repolist: initialize char *buf to NULL
John Keeping
john at keeping.me.uk
Wed Jan 13 09:58:43 CET 2016
On Wed, Jan 13, 2016 at 12:45:03AM +0100, Christian Hesse wrote:
> From: Christian Hesse <mail at eworm.de>
>
> readfile() can fail if the agefile is not readable. Make sure free()
> does not free an ininitialized string.
>
> Signed-off-by: Christian Hesse <mail at eworm.de>
> ---
> ui-repolist.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/ui-repolist.c b/ui-repolist.c
> index a2e9e07..8d982c4 100644
> --- a/ui-repolist.c
> +++ b/ui-repolist.c
> @@ -15,7 +15,7 @@ static time_t read_agefile(char *path)
> {
> time_t result;
> size_t size;
> - char *buf;
> + char *buf = NULL;
> struct strbuf date_buf = STRBUF_INIT;
>
> if (readfile(path, &buf, &size)) {
I wonder if we'd be better off changing readfile() so that it only
updates buf on success (and cleans up after itself on failure).
The only other use of readfile() is in scan-tree.c and in that case we
don't really want to leave a partial value in the result.
Something like this perhaps (untested):
-- >8 --
diff --git a/shared.c b/shared.c
index e216c64..6fc4ee5 100644
--- a/shared.c
+++ b/shared.c
@@ -469,6 +469,8 @@ int readfile(const char *path, char **buf, size_t *size)
{
int fd, e;
struct stat st;
+ char *out;
+ size_t sz;
fd = open(path, O_RDONLY);
if (fd == -1)
@@ -482,12 +484,20 @@ int readfile(const char *path, char **buf, size_t *size)
close(fd);
return EISDIR;
}
- *buf = xmalloc(st.st_size + 1);
- *size = read_in_full(fd, *buf, st.st_size);
+ out = xmalloc(st.st_size + 1);
+ sz = read_in_full(fd, out, st.st_size);
e = errno;
- (*buf)[*size] = '\0';
+ out[sz] = '\0';
close(fd);
- return (*size == st.st_size ? 0 : e);
+
+ if (sz != st.st_size) {
+ free(out);
+ return e;
+ }
+
+ *buf = out;
+ *size = sz;
+ return 0;
}
static int is_token_char(char c)
More information about the CGit
mailing list