summary refs log tree commit diff
diff options
context:
space:
mode:
authorClint Adams <clint@users.sourceforge.net>2008-10-14 23:41:13 +0000
committerClint Adams <clint@users.sourceforge.net>2008-10-14 23:41:13 +0000
commitd6c692599f0838e9d6fe240ba958a7205042191b (patch)
tree4e5fda558a334ae9a77961cf5194dc44d44c7038
parent4622e326bd5be7cc9ad99131de8f8f897af48f13 (diff)
downloadzsh-d6c692599f0838e9d6fe240ba958a7205042191b.tar.gz
zsh-d6c692599f0838e9d6fe240ba958a7205042191b.tar.xz
zsh-d6c692599f0838e9d6fe240ba958a7205042191b.zip
25898: avoid dereference of p after it is freed in getmathfunc.
-rw-r--r--ChangeLog3
-rw-r--r--Src/module.c3
2 files changed, 5 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index b8b6f40fc..4912e14d3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 2008-10-14  Clint Adams  <clint@zsh.org>
 
+	* 25898: Src/module.c: avoid dereference of p after it is freed
+	in getmathfunc.
+
 	* 25897: Src/Zle/computil.c: remove small bit of dead code in
 	cfp_opt_pats.
 
diff --git a/Src/module.c b/Src/module.c
index d507d8202..8e5586e6d 100644
--- a/Src/module.c
+++ b/Src/module.c
@@ -1266,10 +1266,11 @@ getmathfunc(const char *name, int autol)
 	if (!strcmp(name, p->name)) {
 	    if (autol && p->module && !(p->flags & MFF_USERFUNC)) {
 		char *n = dupstring(p->module);
+		int flags = p->flags;
 
 		removemathfunc(q, p);
 
-		(void)ensurefeature(n, "f:", (p->flags & MFF_AUTOALL) ? NULL :
+		(void)ensurefeature(n, "f:", (flags & MFF_AUTOALL) ? NULL :
 				    name);
 
 		return getmathfunc(name, 0);