breakp2.c, copynode(), prevent segfault if missing ')'

invoking 'save' with an erronous node, for example save v(thing This can happen unexpectedly for long 'save' lines, which will silently be truncated.
2016-02-27 11:25:42 +01:00 · 2016-02-27 11:25:42 +01:00 · e4e24f74e6
parent 7fc6609821
commit e4e24f74e6
1 changed files with 11 additions and 2 deletions
--- a/src/frontend/breakp2.c
+++ b/src/frontend/breakp2.c
@ -80,6 +80,7 @@ settrace(wordlist *wl, int what, char *name)
                db_type = DB_SAVE;
                break;
            }
+            tfree(s);
            /* wrd_chtrace(NULL, TRUE, what); */
        } else {
            switch (what) {
@ -95,10 +96,12 @@ settrace(wordlist *wl, int what, char *name)
            }
            /* v(2) --> 2, i(vds) --> vds#branch */
            db_nodename1 = copynode(s);
+            tfree(s);
+            if (!db_nodename1)  /* skip on error */
+                continue;
            /* wrd_chtrace(s, TRUE, what); */
        }

-        tfree(s);              /*DG avoid memoy leak */
        d = TMALLOC(struct dbcomm, 1);
        d->db_analysis = name;
        d->db_type = db_type;
@ -157,7 +160,7 @@ copynode(char *s)
    char *l, *r;
    char *ret = NULL;

-    if (strstr(s, "("))
+    if (strchr(s, '('))
        s = stripWhiteSpacesInsideParens(s);
    else
        s = copy(s);
@ -167,6 +170,12 @@ copynode(char *s)
        return s;

    r = strchr(s, ')');
+    if (!r) {
+        fprintf(cp_err, "Warning: Missing ')' in %s\n  Not saved!\n", s);
+        tfree(s);
+        return NULL;
+    }
+
    *r = '\0';
    if (*(l - 1) == 'i' || *(l - 1) == 'I')
        ret = tprintf("%s#branch", l + 1);