less(1): fix some memory leaks
This does not fix all "leaks" that may be detected. In particular during program initialization copies of a few strings and such are made and those copies may persist. However, those are benign as the program does not continuously leak memory. Furthermore, fixing all of them would be substantially more effort than it's worth -- in fact the code to "fix" this would grow the text size of the program by more than the couple of bytes of leaked memory! Patch from Garrett D'Amore https://github.com/gdamore/less-fork/commit/b2f362eb4dea171265ab2aff059cbbeca075664e Index: screen.c === RCS file: /cvs/src/usr.bin/less/screen.c,v retrieving revision 1.24 diff -u -r1.24 screen.c --- screen.c8 Jul 2016 15:23:44 - 1.24 +++ screen.c4 Jan 2017 17:36:00 - @@ -396,9 +396,9 @@ if (*sc_move == '\0') { t2 = ""; } else { - t2 = estrdup(tparm(sc_move, 0, 0, 0, 0, 0, 0, 0, 0, 0)); + t2 = tparm(sc_move, 0, 0, 0, 0, 0, 0, 0, 0, 0); } - sc_home = cheaper(t1, t2, "|\b^"); + sc_home = estrdup(cheaper(t1, t2, "|\b^")); /* * Choose between using "ll" and "cm" ("lower left" and "cursor move") @@ -410,10 +410,9 @@ if (*sc_move == '\0') { t2 = ""; } else { - t2 = estrdup(tparm(sc_move, sc_height-1, - 0, 0, 0, 0, 0, 0, 0, 0)); + t2 = tparm(sc_move, sc_height-1, 0, 0, 0, 0, 0, 0, 0, 0); } - sc_lower_left = cheaper(t1, t2, "\r"); + sc_lower_left = estrdup(cheaper(t1, t2, "\r")); /* * Get carriage return string. Index: search.c === RCS file: /cvs/src/usr.bin/less/search.c,v retrieving revision 1.18 diff -u -r1.18 search.c --- search.c17 Sep 2016 15:06:41 - 1.18 +++ search.c4 Jan 2017 17:36:00 - 
@@ -92,9 +92,10 @@ static int set_pattern(struct pattern_info *info, char *pattern, int search_type) { - if (pattern == NULL) + if (pattern == NULL) { + uncompile_pattern(>compiled); info->compiled = NULL; - else if (compile_pattern(pattern, search_type, >compiled) < 0) + } else if (compile_pattern(pattern, search_type, >compiled) < 0) return (-1); /* Pattern compiled successfully; save the text too. */ free(info->text);
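Review bot: The unduplicated `t2 = tparm(sc_move, 0, ...)` in the first screen.c hunk leaves t2 pointing at storage that tparm() reuses on its next call, so it is safe only because estrdup(cheaper(t1, t2, "|\b^")) copies the winner before the second hunk calls tparm() again. Add a comment at that assignment saying t2 is valid only until the next tparm() call, so a later reordering does not reintroduce a stale pointer. The hunk does not show how t1 is obtained; if t1 is itself a heap copy, estrdup() duplicates it again when t1 wins and the original still needs an owner.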
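Review bot: After the second screen.c hunk, sc_lower_left (like sc_home in the hunk before it) is always a fresh heap allocation, including when cheaper() returns the "" literal, so any path that runs this initialization more than once would drop the previous pointers. If re-initialization is possible, free the old sc_home and sc_lower_left before assigning; otherwise a one-line comment that this code runs once would settle it.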
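Review bot: Only the `pattern == NULL` branch of the search.c hunk releases the old compiled pattern; the `else if (compile_pattern(...) < 0)` branch still writes into the same compiled slot, and the hunk does not show whether compile_pattern() frees what was there first. If it does not, setting a new pattern over an existing one leaks in the same way, so confirm that or call uncompile_pattern() before compiling as well. It is also worth checking whether uncompile_pattern() already clears the pointer, in which case the `info->compiled = NULL;` that follows it is redundant.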
less(1): carefully handle null in strchr arguments
The environment variable LESSBINFMT is not properly validated. If it is set to "*", less will perform an out of boundary access. This happens because strchr can be called with '\0' as second argument. Such a call won't return NULL but the address of the '\0' in the string. Therefore, the checkfmt function won't notice that the environment variable is invalid. -- The file line.c has the same issue but I'm not sure if '\0' is a valid code in an ANSI sequence or not. Patch from Tobias Stoeckmann https://github.com/gdamore/less-fork/commit/c4eae4da7b51ec0125dcc40df2523c8c8e5387d2 Index: charset.c === RCS file: /cvs/src/usr.bin/less/charset.c,v retrieving revision 1.19 diff -u -r1.19 charset.c --- charset.c 17 Sep 2016 15:06:41 - 1.19 +++ charset.c 4 Jan 2017 14:48:46 - @@ -37,7 +37,7 @@ if (*s == '*') {/* skip leading attribute if there */ s++; - if (strchr("dksu", *s) == NULL) { + if (*s == '\0' || strchr("dksu", *s) == NULL) { return (-1); } s++; @@ -57,7 +57,8 @@ if (seen) { return (-1);/* 2nd % format item! */ } - while (strchr(" '+-0#", *s) != NULL) { /* skip flags */ + /* skip flags */ + while (*s != '\0' && strchr(" '+-0#", *s) != NULL) { s++; } while (isdigit(*s)) { /* skip width */ @@ -78,7 +79,7 @@ s++; } - if (strchr("cCdiouxX", *s) == NULL) { + if (*s == '\0' || strchr("cCdiouxX", *s) == NULL) { /* bad or evil format character (%s, %n, etc.) */ return (-1); }
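Review bot: The `*s == '\0' ||` guard in the first charset.c hunk is written out by hand at each of the three strchr() calls, with no comment saying why it is needed, so the next strchr() added to checkfmt can easily omit it. Consider a small helper that tests set membership and rejects '\0', with a comment that strchr() matches the terminator, and reuse it for the line.c case the commit message mentions once that question is decided.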
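Review bot: The context line `while (isdigit(*s))` in the second charset.c hunk passes a plain char taken from the LESSBINFMT environment variable to isdigit(), which is undefined for negative values where char is signed. Since the patch is already hardening the neighbouring loop, cast there as well: isdigit((unsigned char)*s).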
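Review bot: The comment under the changed test in the third charset.c hunk still reads "bad or evil format character (%s, %n, etc.)", but the branch now also rejects a format string that ends before the conversion character. Extend the comment to mention the truncated case so the '\0' test is not later removed as redundant.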
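The strchr() behaviour the commit message describes, as an added example that is not part of the patch or of the less source: a simplified model of only the attribute-letter step, with hypothetical function names, comparing the test before and after the fix on constructed inputs.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of the "*<letter>" step only (hypothetical names).
 * Returns the number of bytes consumed from fmt, or -1 if rejected. */
static int skip_attr_unchecked(const char *fmt)
{
    const char *s = fmt;
    if (*s == '*') {
        s++;
        /* strchr() treats the set's own terminator as a member, so
         * *s == '\0' yields a non-NULL result and is accepted here. */
        if (strchr("dksu", *s) == NULL)
            return -1;
        s++;                    /* steps over the terminator when *s was '\0' */
    }
    return (int)(s - fmt);
}

static int skip_attr_checked(const char *fmt)
{
    const char *s = fmt;
    if (*s == '*') {
        s++;
        if (*s == '\0' || strchr("dksu", *s) == NULL)
            return -1;
        s++;
    }
    return (int)(s - fmt);
}

/* True when a parser that consumed n bytes now points past the terminator. */
static int past_end(const char *fmt, int n)
{
    return n > 0 && (size_t)n > strlen(fmt);
}

int main(void)
{
    const char *samples[] = { "*", "*d", "*x", "%x" };  /* constructed inputs */
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int before = skip_attr_unchecked(samples[i]);
        int after = skip_attr_checked(samples[i]);
        printf("%-4s unchecked=%2d%s checked=%2d\n", samples[i], before,
            past_end(samples[i], before) ? " (past end)" : "", after);
    }
    return 0;
}
```

The model only computes the offset and never reads through the advanced pointer, so it runs without touching memory outside the string.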
sort(1): fix segfault with -m flag
sort segfaults when using the -m flag and no files. It should default to stdin instead. Easily reproducible with a simple: sort -m Index: sort.c === RCS file: /cvs/src/usr.bin/sort/sort.c,v retrieving revision 1.86 diff -u -r1.86 sort.c --- sort.c 14 Jul 2016 08:31:18 - 1.86 +++ sort.c 4 Jan 2017 11:19:49 - @@ -1224,7 +1224,10 @@ struct file_list fl; file_list_init(, false); - file_list_populate(, argc, argv, true); + if (argc < 1) + file_list_add(, "-", true); + else + file_list_populate(, argc, argv, true); merge_files(, outfile); file_list_clean(); }
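Review bot: The new `if (argc < 1)` branch depends on two things the hunk does not show: that argc has already been reduced to the count of file operands by option parsing, and that the merge path opens "-" as standard input. Add a short comment stating both next to the file_list_add() call, and a regression test that runs `sort -m` with input on stdin, since the report says the crash reproduces with exactly that command.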
xargs(1): remove unused variable
The repllen variable is not used anywhere. Index: strnsubst.c === RCS file: /cvs/src/usr.bin/xargs/strnsubst.c,v retrieving revision 1.5 diff -u -r1.5 strnsubst.c --- strnsubst.c 27 Oct 2009 23:59:50 - 1.5 +++ strnsubst.c 3 Jan 2017 10:26:22 - @@ -31,7 +31,7 @@ strnsubst(char **str, const char *match, const char *replstr, size_t maxsize) { char *s1, *s2, *this; - size_t matchlen, repllen, s2len; + size_t matchlen, s2len; int n; if ((s1 = *str) == NULL) @@ -50,7 +50,6 @@ *s2 = '\0'; s2len = 0; matchlen = strlen(match); - repllen = strlen(replstr); for (;;) { if ((this = strstr(s1, match)) == NULL) break;
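Review bot: The second strnsubst.c hunk loses the first dereference of replstr along with the unused assignment, so a NULL replstr, which previously stopped at `strlen(replstr)`, would now get further into the function. The visible lines check `(s1 = *str) == NULL` but show no equivalent test for replstr; confirm one exists later or that callers never pass NULL.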