Open XVilka opened 1 year ago
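/**
 * Collapse the verbose libstdc++-style spelling of a std::multiset type,
 * "std::multiset<T, std::less<T>, std::allocator<T> >" (or std::greater<T>),
 * into the short form "std::multiset<T>".
 *
 * Only the first "std::multiset<" found by strstr() is used to pick the key
 * type T; each of the four search patterns is then passed to
 * dem_str_replace() in turn.
 *
 * @param input  Heap-allocated string to rewrite. Ownership passes to this
 *               function: Coverity reports that dem_str_replace() frees the
 *               string it is given, so the caller must not touch `input`
 *               after the call and must use the returned pointer instead.
 * @return `input` itself when no "std::multiset<" is present or the key type
 *         has zero length; otherwise the string produced by the last
 *         dem_str_replace() call.
 *
 * NOTE(review): results of dem_str_ndup()/dem_str_newf() are not checked for
 * NULL here, as in the original; confirm how the dem_str_* helpers treat
 * NULL arguments.
 */
static char *cplus_replace_std_multiset(char *input) {
	char *p = strstr(input, "std::multiset<");
	if (!p) {
		return input;
	}
	p += strlen("std::multiset<");
	size_t length = cplus_find_type_length(p);
	if (length < 1) {
		return input;
	}
	char *ktype = dem_str_ndup(p, length);
	char *replace = dem_str_newf("std::multiset<%s>", ktype);

	char *search = dem_str_newf("std::multiset<%s, std::less<%s>, std::allocator<%s> >", ktype, ktype, ktype);
	// From here on `input` is owned (and, per Coverity, freed) by
	// dem_str_replace(); only `output` may be used below.
	char *output = dem_str_replace(input, search, replace, 1);
	free(search);

	// sometimes std::allocator has an extra space
	search = dem_str_newf("std::multiset<%s, std::less<%s>, std::allocator<%s > >", ktype, ktype, ktype);
	output = dem_str_replace(output, search, replace, 1);
	free(search);

	search = dem_str_newf("std::multiset<%s, std::greater<%s>, std::allocator<%s> >", ktype, ktype, ktype);
	// Fix for Coverity CID 416049 (USE_AFTER_FREE): this call used to pass
	// `input`, which the first dem_str_replace() above had already freed.
	// It also discarded the result of the two std::less passes. Chain
	// through `output` like every other step.
	output = dem_str_replace(output, search, replace, 1);
	free(search);

	// sometimes std::allocator has an extra space
	search = dem_str_newf("std::multiset<%s, std::greater<%s>, std::allocator<%s > >", ktype, ktype, ktype);
	output = dem_str_replace(output, search, replace, 1);
	free(search);

	free(replace);
	free(ktype);
	return output;
}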