Ticket #5621: (add_new_entry_cmd): fix Use-after-free.

src/filemanager/hotlist.c:1046:26: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc] 1046 | if (title == NULL || *title == '\0' || url == NULL || *url == '\0') | ^~~~~~ - distinct def_text and title/url - simplify and move quick_dialog return evaluation in same function add_new_entry_cmd() Found by Clang-19 Static Analyzer. Signed-off-by: Andreas Mohr <and@gmx.li> Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
MidnightCommander · Dec 21, 2024 · 455c178 · 455c178
1 parent 677cd60
commit 455c178
Showing 1 changed file with 11 additions and 16 deletions.
diff --git a/src/filemanager/hotlist.c b/src/filemanager/hotlist.c
@@ -995,14 +995,14 @@ add2hotlist (char *label, char *directory, enum HotListType type, listbox_append
 
 static int
 add_new_entry_input (const char *header, const char *text1, const char *text2,
-                     const char *help, char **r1, char **r2)
+                     const char *help, const char *def_text, char **r1, char **r2)
 {
     quick_widget_t quick_widgets[] = {
         /* *INDENT-OFF* */
-        QUICK_LABELED_INPUT (text1, input_label_above, *r1, "input-lbl", r1, NULL,
+        QUICK_LABELED_INPUT (text1, input_label_above, def_text, "input-lbl", r1, NULL,
                              FALSE, FALSE, INPUT_COMPLETE_NONE),
         QUICK_SEPARATOR (FALSE),
-        QUICK_LABELED_INPUT (text2, input_label_above, *r2, "input-lbl", r2, NULL,
+        QUICK_LABELED_INPUT (text2, input_label_above, def_text, "input-lbl", r2, NULL,
                              FALSE, FALSE, INPUT_COMPLETE_FILENAMES | INPUT_COMPLETE_CD),
         QUICK_START_BUTTONS (TRUE, TRUE),
             QUICK_BUTTON (N_("&Append"), B_APPEND, NULL, NULL),
@@ -1019,31 +1019,26 @@ add_new_entry_input (const char *header, const char *text1, const char *text2,
         quick_widgets, NULL, NULL
     };
 
-    int ret;
-
-    ret = quick_dialog (&qdlg);
-
-    return (ret != B_CANCEL) ? ret : 0;
+    return quick_dialog (&qdlg);
 }
 
 /* --------------------------------------------------------------------------------------------- */
 
 static void
 add_new_entry_cmd (WPanel *panel)
 {
-    char *title, *url, *to_free;
+    char *def_text;
+    char *title = NULL;
+    char *url = NULL;
     int ret;
 
     /* Take current directory as default value for input fields */
-    to_free = title = url = vfs_path_to_str_flags (panel->cwd_vpath, 0, VPF_STRIP_PASSWORD);
-
+    def_text = vfs_path_to_str_flags (panel->cwd_vpath, 0, VPF_STRIP_PASSWORD);
     ret = add_new_entry_input (_("New hotlist entry"), _("Directory label:"),
-                               _("Directory path:"), "[Hotlist]", &title, &url);
-    g_free (to_free);
+                               _("Directory path:"), "[Hotlist]", def_text, &title, &url);
+    g_free (def_text);
 
-    if (ret == 0)
-        return;
-    if (title == NULL || *title == '\0' || url == NULL || *url == '\0')
+    if (ret == B_CANCEL || title == NULL || *title == '\0' || url == NULL || *url == '\0')
     {
         g_free (title);
         g_free (url);