<pre>
$ fossil new foo.fossil
...
$ fossil ticket -R foo.fossil add title test
ticket add succeeded for UID a0e7afe56ceaf2e28dfa79bc1db34aa2a767e7c1
$ fossil ticket -R foo.fossil change a0e7afe56 comment 'foo' --quote
ticket set succeeded for UID a0e7afe56ceaf2e28dfa79bc1db34aa2a767e7c1
$ fossil ticket -R foo.fossil change a0e7afe56 +comment 'foo' --quote
segmentation fault
</pre>
<hr /><i>mistachkin added on 2012-08-08 03:47:31 UTC:</i><br />
Reading the code, I'm somewhat confused about the proposed fix. Perhaps it should be something like this instead, given the nature of the other <b>if</b> block enclosed with <b>if( tktEncoding == tktFossilize )</b>?
<verbatim>
Index: src/tkt.c
==================================================================
--- src/tkt.c
+++ src/tkt.c
@@ -1167,11 +1167,11 @@
}else{
blob_appendf(&tktchng, "J%s%s %#F\n", zPfx,
azField[i], strlen(zValue), zValue);
}
if( tktEncoding == tktFossilize ){
- free(azValue[i]);
+ free(zFValue);
}
}
blob_appendf(&tktchng, "K %s\n", zTktUuid);
blob_appendf(&tktchng, "U %F\n", zUser);
md5sum_blob(&tktchng, &cksum);
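Review bot: `zFValue` appears nowhere else in this hunk, while the pointer the surrounding lines actually encode and write out is `zValue` (`strlen(zValue), zValue` two lines above the guard); unless `zFValue` is declared earlier in the function this will not compile, and if it is a stale name the hunk is still releasing a pointer other than the one that was just used. If the fossilized copy written into the record is the allocation to release, `free(zValue);` is the name consistent with the visible context. Because the call sits under `if( tktEncoding == tktFossilize )` only, it is also correct only if `zValue` is heap-allocated on every path that reaches that guard (for both the plain and the `+field` append form); if that cannot be guaranteed, omitting the free() altogether is the safer change.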
</verbatim>
<hr /><i>rmax added on 2012-08-08 11:18:20 UTC:</i><br />
Indeed, the distinction whether it is azAppend[i] or azValue[i] that needs to be freed is already being made two if blocks above, so we don't need to repeat it here and can just free zValue.
<hr /><i>drh added on 2012-08-08 12:35:16 UTC:</i><br />
Nothing needs to be freed here. Remember that an instance of Fossil runs a single command then exits. We don't need to worry about leaking a few bytes of memory associated with a ticket field. The OS will clean it up for us.
The simplest and safest fix is to simply omit the free() call.
<hr /><i>rmax added on 2012-08-08 12:52:38 UTC:</i><br />
Yes, [0bc2a94104] fixes it.
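The ownership question argued above (which pointer, if any, the ticket-change loop may pass to free()) as a constructed C model. This is added example code, not Fossil's tkt.c: the field table, the toy escaping routine and the record format are invented here, and the `azValue` / `azAppend` arrays stand in for the caller-owned argv strings of the `fossil ticket change` command. The only heap allocation the loop makes is the encoded copy, so that is the only pointer it frees; freeing `azValue[i]` instead would hand a non-heap pointer to free() whenever the value came from the `+field` (append) array.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of a ticket-change loop.  Not Fossil's code: the
 * field names, the encoding and the "J" record lines are made up here
 * so that only the pointer-ownership pattern is on display. */

enum { N_FIELD = 3 };
static const char *azField[N_FIELD] = { "title", "comment", "status" };

/* Toy "fossilize": returns a freshly malloc()ed copy with backslash and
 * double quote escaped.  Fossil's real fossilize() uses different rules;
 * the point is that this copy is the one heap object per field. */
static char *encode_copy(const char *z){
  size_t n = strlen(z), i, j = 0;
  char *out = malloc(2*n + 1);
  if( out==0 ) abort();
  for(i=0; i<n; i++){
    if( z[i]=='\\' || z[i]=='"' ) out[j++] = '\\';
    out[j++] = z[i];
  }
  out[j] = 0;
  return out;
}

/* Grow *pBuf and append z (stand-in for blob_appendf). */
static void append_str(char **pBuf, size_t *pLen, const char *z){
  size_t n = strlen(z);
  char *p = realloc(*pBuf, *pLen + n + 1);
  if( p==0 ) abort();
  memcpy(p + *pLen, z, n + 1);
  *pBuf = p;
  *pLen += n;
}

/* azValue[i] holds a replacement ("field value"), azAppend[i] an appended
 * value ("+field value"); at most one is set per field.  Both arrays point
 * at caller-owned strings, so neither may ever be passed to free().
 * Returns a malloc()ed record the caller frees. */
char *build_change_record(const char *const *azValue,
                          const char *const *azAppend,
                          int encode){
  char *rec = 0; size_t len = 0; int i;
  char line[256];
  for(i=0; i<N_FIELD; i++){
    const char *zPfx, *zSrc;
    char *zValue;
    if( azAppend[i] ){ zPfx = "+"; zSrc = azAppend[i]; }
    else if( azValue[i] ){ zPfx = "";  zSrc = azValue[i]; }
    else continue;
    /* The encoded copy is the only allocation in this iteration. */
    zValue = encode ? encode_copy(zSrc) : (char*)zSrc;
    snprintf(line, sizeof line, "J%s%s \"%s\"\n", zPfx, azField[i], zValue);
    append_str(&rec, &len, line);
    if( encode ){
      /* free(azValue[i]) here would be wrong: for a "+field" it is not the
       * string that was used, and in either case it was never malloc()ed.
       * zValue is the pointer this iteration allocated. */
      free(zValue);
    }
  }
  if( rec==0 ) append_str(&rec, &len, "");
  return rec;
}

int main(void){
  /* Constructed sample: a plain "title test" and an appended "+comment". */
  const char *azValue[N_FIELD]  = { "test", 0, 0 };
  const char *azAppend[N_FIELD] = { 0, "foo \"bar\"", 0 };
  char *rec = build_change_record(azValue, azAppend, 1);
  fputs(rec, stdout);
  free(rec);
  return 0;
}
```

Running the model once with `encode` set exercises exactly the path from the bug report (`+comment` plus `--quote`) without touching either input array in free(). Whether to free the copy at all is a separate trade-off: in a process that runs one command and exits, dropping the free() leaks a few bytes that the OS reclaims; in a long-lived caller the free() stays, and then it must name the allocated pointer.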