Skip to content

ccomps: fix dangling pointer use

Matthew Fernandez requested to merge smattr/graphviz:smattr/884b7c4f-ed2e-4d05-bb14-be5eedf11581 into main

On Ubuntu 23.10, the compiler notices:

  ccomps.c: In function 'gwrite':
  ccomps.c:306:13: warning: dangling pointer to 'name' may be used [-Wdangling-pointer=]
    306 |             free(name);
        |             ^~~~~~~~~~
  ccomps.c:278:12: note: 'name' declared here
    278 |     agxbuf name = {0};
        |            ^~~~
  In file included from /usr/include/stdio.h:964,
                   from ccomps.c:23:
  In function 'fprintf',
      inlined from 'gwrite' at ccomps.c:304:6:
  /usr/include/x86_64-linux-gnu/bits/stdio2.h:79:10: warning: dangling pointer to 'name' may be used [-Wdangling-pointer=]
     79 |   return __fprintf_chk (__stream, __USE_FORTIFY_LEVEL - 1, __fmt,
        |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     80 |                         __va_arg_pack ());
        |                         ~~~~~~~~~~~~~~~~~
  ccomps.c: In function 'gwrite':
  ccomps.c:278:12: note: 'name' declared here
    278 |     agxbuf name = {0};
        |            ^~~~
  ccomps.c:309:9: warning: dangling pointer to 'name' may be used [-Wdangling-pointer=]
    309 |         free(name);
        |         ^~~~~~~~~~
  ccomps.c:278:12: note: 'name' declared here
    278 |     agxbuf name = {0};
        |            ^~~~
  ccomps.c:302:16: warning: dangling pointer to 'name' may be used [-Wdangling-pointer=]
    302 |         outf = fopen(name, "w");
        |                ^~~~~~~~~~~~~~~~
  ccomps.c:278:12: note: 'name' declared here
    278 |     agxbuf name = {0};
        |            ^~~~

The problem is that getName was returning a pointer to a buffer that is not necessarily heap-allocated. The subsequent free calls would corrupt the heap in this case. This bug was introduced in 453d098d.

Merge request reports