This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
regcomp.c: Avoid a memory leak
authorKarl Williamson <khw@cpan.org>
Mon, 7 Mar 2016 22:37:11 +0000 (15:37 -0700)
committerKarl Williamson <khw@cpan.org>
Fri, 18 Mar 2016 03:47:16 +0000 (21:47 -0600)
I spotted this in code reading.  The chances of it happening are quite
small.  It could happen under tainting with a user-defined \p{}
property, and /i matching.

regcomp.c

index d49efe8..aae29f1 100644 (file)
--- a/regcomp.c
+++ b/regcomp.c
@@ -15986,6 +15986,10 @@ S_regclass(pTHX_ RExC_state_t *pRExC_state, I32 *flagp, U32 depth,
                     SAVEFREEPV(name);
                     if (FOLD) {
                         lookup_name = savepv(Perl_form(aTHX_ "__%s_i", name));
+
+                        /* The function call just below that uses this can fail
+                         * to return, leaking memory if we don't do this */
+                        SAVEFREEPV(lookup_name);
                     }
 
                     /* Look up the property name, and get its swash and
@@ -16001,9 +16005,6 @@ S_regclass(pTHX_ RExC_state_t *pRExC_state, I32 *flagp, U32 depth,
                                              NULL, /* No inversion list */
                                              &swash_init_flags
                                             );
-                    if (lookup_name) {
-                        Safefree(lookup_name);
-                    }
                     if (! swash || ! (invlist = _get_swash_invlist(swash))) {
                         HV* curpkg = (IN_PERL_COMPILETIME)
                                       ? PL_curstash