From: Stefan Sperling Subject: fix tog segfault during search To: gameoftrees@openbsd.org Date: Thu, 16 Jun 2022 22:43:06 +0200 When searching in diff or blame views, and pressing n or N repeatedly, tog can segfault in expand_tab. Patch below seems to fix this for me. Reported by Omar on IRC. ok?
diff 87411fa9fa02ed103ef9b39edb8f2751155567c7 /home/stsp/src/got
blob - bdff5844ccda157277e95325887def00e1f69e73
file + tog/tog.c
--- tog/tog.c
+++ tog/tog.c
@@ -3671,7 +3671,7 @@ search_next_diff_view(struct tog_view *view)
 struct tog_diff_view_state *s = &view->state.diff;
 const struct got_error *err = NULL;
 int lineno;
- char *exstr = NULL, *line = NULL;
+ char *line = NULL;
 size_t linesize = 0;
 ssize_t linelen;

@@ -3709,24 +3709,26 @@ search_next_diff_view(struct tog_view *view)
 return got_error_from_errno("fseeko");
 }
 linelen = getline(&line, &linesize, s->f);
- err = expand_tab(&exstr, line);
- if (err)
- break;
- if (linelen != -1 &&
- match_line(exstr, &view->regex, 1, &view->regmatch)) {
- view->search_next_done = TOG_SEARCH_HAVE_MORE;
- s->matched_line = lineno;
- break;
+ if (linelen != -1) {
+ char *exstr;
+ err = expand_tab(&exstr, line);
+ if (err)
+ break;
+ if (match_line(exstr, &view->regex, 1,
+ &view->regmatch)) {
+ view->search_next_done = TOG_SEARCH_HAVE_MORE;
+ s->matched_line = lineno;
+ free(exstr);
+ break;
+ }
+ free(exstr);
 }
- free(exstr);
- exstr = NULL;
 if (view->searching == TOG_SEARCH_FORWARD)
 lineno++;
 else
 lineno--;
 }
 free(line);
- free(exstr);

 if (s->matched_line) {
 s->first_displayed_line = s->matched_line;
@@ -4810,7 +4812,7 @@ search_next_blame_view(struct tog_view *view)
 struct tog_blame_view_state *s = &view->state.blame;
 const struct got_error *err = NULL;
 int lineno;
- char *exstr = NULL, *line = NULL;
+ char *line = NULL;
 size_t linesize = 0;
 ssize_t linelen;
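Review bot: In the new `if (linelen != -1) {` block of search_next_diff_view, a getline() result of -1 is now skipped silently, so a read error on `s->f` looks the same as end-of-file and the loop simply moves on to the next `lineno`. An `else if (ferror(s->f)) { err = got_error_from_errno("getline"); break; }` branch would surface the failure; whether `err` is returned after the loop is not visible, since the function continues outside the hunk. `char *exstr;` is also declared without an initializer, so `char *exstr = NULL;` would keep its value defined should expand_tab ever fail before storing to it (expand_tab is not shown, so this is a precaution). The same two points apply to the matching hunk in search_next_blame_view, which reads from `s->blame.f`.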
@@ -4848,24 +4850,26 @@ search_next_blame_view(struct tog_view *view)
 return got_error_from_errno("fseeko");
 }
 linelen = getline(&line, &linesize, s->blame.f);
- err = expand_tab(&exstr, line);
- if (err)
- break;
- if (linelen != -1 &&
- match_line(exstr, &view->regex, 1, &view->regmatch)) {
- view->search_next_done = TOG_SEARCH_HAVE_MORE;
- s->matched_line = lineno;
- break;
+ if (linelen != -1) {
+ char *exstr;
+ err = expand_tab(&exstr, line);
+ if (err)
+ break;
+ if (match_line(exstr, &view->regex, 1,
+ &view->regmatch)) {
+ view->search_next_done = TOG_SEARCH_HAVE_MORE;
+ s->matched_line = lineno;
+ free(exstr);
+ break;
+ }
+ free(exstr);
 }
- free(exstr);
- exstr = NULL;
 if (view->searching == TOG_SEARCH_FORWARD)
 lineno++;
 else
 lineno--;
 }
 free(line);
- free(exstr);

 if (s->matched_line) {
 s->first_displayed_line = s->matched_line;