From 47761ffc9ab7364b4eb42bacabacdd0f3cf607c6 Mon Sep 17 00:00:00 2001
From: Andreas Mohr <and@gmx.li>
Date: Thu, 19 Dec 2024 16:00:00 +0000
Subject: [PATCH] Ticket #5621: (add_new_entry_cmd): fix Use-after-free.

src/filemanager/hotlist.c:1046:26: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc]
 1046 |     if (title == NULL || *title == '\0' || url == NULL || *url == '\0')
      |                          ^~~~~~

 - distinct def_text and title/url
 - simplify and move quick_dialog return evaluation in same function add_new_entry_cmd()

Found by Clang-19 Static Analyzer.

Signed-off-by: Andreas Mohr <and@gmx.li>
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
---
 src/filemanager/hotlist.c | 27 +++++++++++----------------
 1 file changed, 11 insertions(+), 16 deletions(-)

diff --git a/src/filemanager/hotlist.c b/src/filemanager/hotlist.c
index d55df3e76..d898ac0cc 100644
--- a/src/filemanager/hotlist.c
+++ b/src/filemanager/hotlist.c
@@ -995,14 +995,14 @@ add2hotlist (char *label, char *directory, enum HotListType type, listbox_append
 
 static int
 add_new_entry_input (const char *header, const char *text1, const char *text2,
-                     const char *help, char **r1, char **r2)
+                     const char *help, const char *def_text, char **r1, char **r2)
 {
     quick_widget_t quick_widgets[] = {
         /* *INDENT-OFF* */
-        QUICK_LABELED_INPUT (text1, input_label_above, *r1, "input-lbl", r1, NULL,
+        QUICK_LABELED_INPUT (text1, input_label_above, def_text, "input-lbl", r1, NULL,
                              FALSE, FALSE, INPUT_COMPLETE_NONE),
         QUICK_SEPARATOR (FALSE),
-        QUICK_LABELED_INPUT (text2, input_label_above, *r2, "input-lbl", r2, NULL,
+        QUICK_LABELED_INPUT (text2, input_label_above, def_text, "input-lbl", r2, NULL,
                              FALSE, FALSE, INPUT_COMPLETE_FILENAMES | INPUT_COMPLETE_CD),
         QUICK_START_BUTTONS (TRUE, TRUE),
             QUICK_BUTTON (N_("&Append"), B_APPEND, NULL, NULL),
@@ -1019,11 +1019,7 @@ add_new_entry_input (const char *header, const char *text1, const char *text2,
         quick_widgets, NULL, NULL
     };
 
-    int ret;
-
-    ret = quick_dialog (&qdlg);
-
-    return (ret != B_CANCEL) ? ret : 0;
+    return quick_dialog (&qdlg);
 }
 
 /* --------------------------------------------------------------------------------------------- */
@@ -1031,19 +1027,18 @@ add_new_entry_input (const char *header, const char *text1, const char *text2,
 static void
 add_new_entry_cmd (WPanel *panel)
 {
-    char *title, *url, *to_free;
+    char *def_text;
+    char *title = NULL;
+    char *url = NULL;
     int ret;
 
     /* Take current directory as default value for input fields */
-    to_free = title = url = vfs_path_to_str_flags (panel->cwd_vpath, 0, VPF_STRIP_PASSWORD);
-
+    def_text = vfs_path_to_str_flags (panel->cwd_vpath, 0, VPF_STRIP_PASSWORD);
     ret = add_new_entry_input (_("New hotlist entry"), _("Directory label:"),
-                               _("Directory path:"), "[Hotlist]", &title, &url);
-    g_free (to_free);
+                               _("Directory path:"), "[Hotlist]", def_text, &title, &url);
+    g_free (def_text);
 
-    if (ret == 0)
-        return;
-    if (title == NULL || *title == '\0' || url == NULL || *url == '\0')
+    if (ret == B_CANCEL || title == NULL || *title == '\0' || url == NULL || *url == '\0')
     {
         g_free (title);
         g_free (url);