This code malloc's a harp_operation_string_comparison_filter and then
directly initializes all fields aside from value. Afterwards it tries to
strdupvariable_name and if that fails (due to a out-of-memory error) it
will error out and cleanup the allocated struct via
string_comparison_filter_delete.
string_comparison_filter_delete does the following check on the passed in
struct where it will free the memory behind value if it's not NULL:
if (operation->value != NULL)
{
free(operation->value);
}
However, because value is not initialized yet, this code actually randomly
calls free with the uninitialized pointer value as the argument.
svniemeijer
commented
2 years ago
This code malloc's a
harp_operation_string_comparison_filterand then directly initializes all fields aside fromvalue. Afterwards it tries tostrdupvariable_nameand if that fails (due to a out-of-memory error) it will error out and cleanup the allocated struct viastring_comparison_filter_delete.string_comparison_filter_deletedoes the following check on the passed in struct where it will free the memory behindvalueif it's not NULL:However, because
valueis not initialized yet, this code actually randomly calls free with the uninitialized pointer value as the argument.