Ticket #5621: (add_new_entry_cmd): fix Use-after-free.

src/filemanager/hotlist.c:1046:26: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc]
 1046 |     if (title == NULL || *title == '\0' || url == NULL || *url == '\0')
      |                          ^~~~~~

 - distinct def_text and title/url
 - simplify and move quick_dialog return evaluation in same function add_new_entry_cmd()

Found by Clang-19 Static Analyzer.

Signed-off-by: Andreas Mohr <and@gmx.li>
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
This commit is contained in:
Andreas Mohr 2024-12-19 16:00:00 +00:00 committed by Andrew Borodin
parent d0d8ae90eb
commit 47761ffc9a

View File

@ -995,14 +995,14 @@ add2hotlist (char *label, char *directory, enum HotListType type, listbox_append
static int static int
add_new_entry_input (const char *header, const char *text1, const char *text2, add_new_entry_input (const char *header, const char *text1, const char *text2,
const char *help, char **r1, char **r2) const char *help, const char *def_text, char **r1, char **r2)
{ {
quick_widget_t quick_widgets[] = { quick_widget_t quick_widgets[] = {
/* *INDENT-OFF* */ /* *INDENT-OFF* */
QUICK_LABELED_INPUT (text1, input_label_above, *r1, "input-lbl", r1, NULL, QUICK_LABELED_INPUT (text1, input_label_above, def_text, "input-lbl", r1, NULL,
FALSE, FALSE, INPUT_COMPLETE_NONE), FALSE, FALSE, INPUT_COMPLETE_NONE),
QUICK_SEPARATOR (FALSE), QUICK_SEPARATOR (FALSE),
QUICK_LABELED_INPUT (text2, input_label_above, *r2, "input-lbl", r2, NULL, QUICK_LABELED_INPUT (text2, input_label_above, def_text, "input-lbl", r2, NULL,
FALSE, FALSE, INPUT_COMPLETE_FILENAMES | INPUT_COMPLETE_CD), FALSE, FALSE, INPUT_COMPLETE_FILENAMES | INPUT_COMPLETE_CD),
QUICK_START_BUTTONS (TRUE, TRUE), QUICK_START_BUTTONS (TRUE, TRUE),
QUICK_BUTTON (N_("&Append"), B_APPEND, NULL, NULL), QUICK_BUTTON (N_("&Append"), B_APPEND, NULL, NULL),
@ -1019,11 +1019,7 @@ add_new_entry_input (const char *header, const char *text1, const char *text2,
quick_widgets, NULL, NULL quick_widgets, NULL, NULL
}; };
int ret; return quick_dialog (&qdlg);
ret = quick_dialog (&qdlg);
return (ret != B_CANCEL) ? ret : 0;
} }
/* --------------------------------------------------------------------------------------------- */ /* --------------------------------------------------------------------------------------------- */
@ -1031,19 +1027,18 @@ add_new_entry_input (const char *header, const char *text1, const char *text2,
static void static void
add_new_entry_cmd (WPanel *panel) add_new_entry_cmd (WPanel *panel)
{ {
char *title, *url, *to_free; char *def_text;
char *title = NULL;
char *url = NULL;
int ret; int ret;
/* Take current directory as default value for input fields */ /* Take current directory as default value for input fields */
to_free = title = url = vfs_path_to_str_flags (panel->cwd_vpath, 0, VPF_STRIP_PASSWORD); def_text = vfs_path_to_str_flags (panel->cwd_vpath, 0, VPF_STRIP_PASSWORD);
ret = add_new_entry_input (_("New hotlist entry"), _("Directory label:"), ret = add_new_entry_input (_("New hotlist entry"), _("Directory label:"),
_("Directory path:"), "[Hotlist]", &title, &url); _("Directory path:"), "[Hotlist]", def_text, &title, &url);
g_free (to_free); g_free (def_text);
if (ret == 0) if (ret == B_CANCEL || title == NULL || *title == '\0' || url == NULL || *url == '\0')
return;
if (title == NULL || *title == '\0' || url == NULL || *url == '\0')
{ {
g_free (title); g_free (title);
g_free (url); g_free (url);