From a2c0835007b66cfd8789d83d252ed33e45f8de38 Mon Sep 17 00:00:00 2001 From: Michael Stapelberg Date: Sat, 8 Dec 2012 15:49:05 +0100 Subject: [PATCH] Bugfix: Avoid double free of iri->orig_url MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When accessing a URL using IDN which directly redirects to another page, wget would xfree_null(iri->orig_url); in src/retr.c:retrieve_url() first, then later xfree_null(iri->orig_url); in src/iri.c:iri_free() again. This can be tested with wget -O /dev/null http://μφ.net --- src/ChangeLog | 5 +++++ src/retr.c | 1 + 2 files changed, 6 insertions(+) diff --git a/src/ChangeLog b/src/ChangeLog index f374605a..18a26694 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,8 @@ +2012-12-08 Michael Stapelberg (tiny change) + + * retr.c (retrieve_url): Set iri->orig_url to NULL after it is + freed. + 2012-11-26 Giuseppe Scrivano * wget.h (MAX_INT_TO_STRING_LEN): Define macro. diff --git a/src/retr.c b/src/retr.c index 32dc41e2..0d564ef6 100644 --- a/src/retr.c +++ b/src/retr.c @@ -838,6 +838,7 @@ retrieve_url (struct url * orig_parsed, const char *origurl, char **file, iri->utf8_encode = opt.enable_iri; set_content_encoding (iri, NULL); xfree_null (iri->orig_url); + iri->orig_url = NULL; /* Now, see if this new location makes sense. */ newloc_parsed = url_parse (mynewloc, &up_error_code, iri, true);