From 3478943f2ff5fae36d59667ffed33b9494d22acd Mon Sep 17 00:00:00 2001
From: Dirk Hohndel
Date: Mon, 13 Jul 2015 07:09:55 -0700
Subject: [PATCH] Fix memory handling for taxonomy data

The way we freed things and cleared out the variables potentially left dangling data behind and could end up calling free on garbage data, leading to random crashes.

Signed-off-by: Dirk Hohndel
---
divesite.c | 7 ++-----
parse-xml.c | 2 +-
taxonomy.c | 10 ++++++----
taxonomy.h | 2 +-
4 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/divesite.c b/divesite.c
index 5c96bb2dd..998fe23bf 100644
--- a/divesite.c
+++ b/divesite.c
@@ -170,9 +170,7 @@ void copy_dive_site(struct dive_site *orig, struct dive_site *copy)
 copy->description = copy_string(orig->description);
 copy->uuid = orig->uuid;
 if (orig->taxonomy.category == NULL) {
- free_taxonomy(copy->taxonomy.category);
- copy->taxonomy.category = NULL;
- copy->taxonomy.nr = 0;
+ free_taxonomy(©->taxonomy);
 } else {
 if (copy->taxonomy.category == NULL)
 copy->taxonomy.category = alloc_taxonomy();
@@ -200,6 +198,5 @@ void clear_dive_site(struct dive_site *ds)
 ds->longitude.udeg = 0;
 ds->uuid = 0;
 ds->taxonomy.nr = 0;
- free_taxonomy(ds->taxonomy.category);
- ds->taxonomy.category = NULL;
+ free_taxonomy(&ds->taxonomy);
 }
diff --git a/parse-xml.c b/parse-xml.c
index fb01d4d63..abca70510 100644
--- a/parse-xml.c
+++ b/parse-xml.c
@@ -1527,7 +1527,7 @@ static void dive_site_end(void)
 if (verbose > 3)
 printf("completed dive site uuid %x8 name {%s}\n", ds->uuid, ds->name);
 }
- free_taxonomy(cur_dive_site->taxonomy.category);
+ free_taxonomy(&cur_dive_site->taxonomy);
 free(cur_dive_site);
 cur_dive_site = NULL;
 }
diff --git a/taxonomy.c b/taxonomy.c
index b72616faf..40af9fd44 100644
--- a/taxonomy.c
+++ b/taxonomy.c
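Review bot: On the else branch's last line, `copy->taxonomy.category = alloc_taxonomy();` is never checked for NULL even though alloc_taxonomy() is a calloc wrapper, so whatever the rest of copy_dive_site does with copy->taxonomy.category (the function continues past this hunk) would dereference NULL on allocation failure; a guard such as `if (!copy->taxonomy.category) return;` after it, or whatever the project's OOM convention is, is wanted. Separately, the added line renders here as `free_taxonomy(©->taxonomy);`, which is almost certainly `free_taxonomy(&copy->taxonomy);` with `&copy` decoded as an HTML entity by this rendering rather than in the source, but it is worth confirming against the actual commit. The body of copy_dive_site ends outside the hunk.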
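Review bot: The added `free_taxonomy(&ds->taxonomy);` runs right after the context line `ds->taxonomy.nr = 0;`, and with this patch's free_taxonomy now freeing only `category[0..nr-1].value`, that ordering frees the category array but leaks every string it pointed to (the old free_taxonomy walked all TC_NR_CATEGORIES slots, so this did not matter before). The `ds->taxonomy.nr = 0;` line is redundant now anyway, since free_taxonomy resets both nr and category itself; delete it, or move it below the call. clear_dive_site starts outside the hunk, so I cannot see whether anything else in it depends on nr being zero before the call.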
@@ -28,11 +28,13 @@ struct taxonomy *alloc_taxonomy()
 return calloc(TC_NR_CATEGORIES, sizeof(struct taxonomy));
 }
 
-void free_taxonomy(struct taxonomy *t)
+void free_taxonomy(struct taxonomy_data *t)
 {
 if (t) {
- for (int i = 0; i < TC_NR_CATEGORIES; i++)
- free((void *)t[i].value);
- free(t);
+ for (int i = 0; i < t->nr; i++)
+ free((void *)t->category[i].value);
+ free(t->category);
+ t->category = NULL;
+ t->nr = 0;
 }
 }
diff --git a/taxonomy.h b/taxonomy.h
index 9831cfe19..bc42c6119 100644
--- a/taxonomy.h
+++ b/taxonomy.h
@@ -32,7 +32,7 @@ struct taxonomy_data {
 };
 
 struct taxonomy *alloc_taxonomy();
-void free_taxonomy(struct taxonomy *t);
+void free_taxonomy(struct taxonomy_data *t);
 
 #ifdef __cplusplus
 }
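Review bot: Bounding the free loop by `t->nr` instead of TC_NR_CATEGORIES makes correct cleanup depend on nr describing every populated slot at call time: alloc_taxonomy() just above callocs TC_NR_CATEGORIES zeroed entries, so a value stored at an index >= nr, or a caller that zeroes nr before calling (clear_dive_site in this same patch does exactly that), leaks the string, and an nr larger than TC_NR_CATEGORIES reads past the allocation. Since free(NULL) is a no-op and the slots start zeroed, walking the whole array is simpler and independent of nr: `for (int i = 0; t->category && i < TC_NR_CATEGORIES; i++)`, which also avoids dereferencing a NULL category when nr is stale. If entries are meant to be sparse (indexed by category rather than packed from 0), the nr bound is wrong on its own terms; I cannot tell from here which layout the callers use.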
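Review bot: The new prototype says nothing about ownership, and the old and new signatures differ precisely in what gets freed, so a comment on it would save callers a trip to taxonomy.c: `/* Frees category[0..nr-1].value and the category array, then resets category to NULL and nr to 0. A NULL t is ignored; t itself is not freed. */`. On the context line above, `struct taxonomy *alloc_taxonomy();` declares no parameter list, which in C is not a prototype; `alloc_taxonomy(void)` here and in the taxonomy.c definition would let the compiler check calls.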