From b255b35feb80ecf096825395e01bccd34ee02b2b Mon Sep 17 00:00:00 2001
From: Nick Alcock <nick.alcock@oracle.com>
Date: Tue, 9 Jun 2020 10:45:07 +0100
Subject: [PATCH] libctf, decl: avoid leaks of the formatted string on error

ctf_decl_sprintf builds up a formatted string in the ctf_decl_t's
cd_buf, but then on error this is hardly ever freed: we assume that
ctf_decl_fini frees it, but it leaks it instead.

Make it free it like any decent ADT should.

libctf/
	* ctf-decl.c (ctf_decl_fini): Free the cd_buf.
	(ctf_decl_buf): Once it escapes, don't try to free it later.
---
 libctf/ChangeLog  | 5 +++++
 libctf/ctf-decl.c | 5 ++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/libctf/ChangeLog b/libctf/ChangeLog
index 288ad6e554d..d840bc418a1 100644
--- a/libctf/ChangeLog
+++ b/libctf/ChangeLog
@@ -1,3 +1,8 @@
+2020-07-22  Nick Alcock  <nick.alcock@oracle.com>
+
+	* ctf-decl.c (ctf_decl_fini): Free the cd_buf.
+	(ctf_decl_buf): Once it escapes, don't try to free it later.
+
 2020-07-22  Nick Alcock  <nick.alcock@oracle.com>
 
 	* ctf-types.c (ctf_type_aname): Print arg types here...
diff --git a/libctf/ctf-decl.c b/libctf/ctf-decl.c
index 5dcf60ab08b..faf421e4765 100644
--- a/libctf/ctf-decl.c
+++ b/libctf/ctf-decl.c
@@ -68,6 +68,7 @@ ctf_decl_fini (ctf_decl_t *cd)
 	  free (cdp);
 	}
     }
+  free (cd->cd_buf);
 }
 
 void
@@ -195,5 +196,7 @@ void ctf_decl_sprintf (ctf_decl_t *cd, const char *format, ...)
 
 char *ctf_decl_buf (ctf_decl_t *cd)
 {
-  return cd->cd_buf;
+  char *buf = cd->cd_buf;
+  cd->cd_buf = NULL;
+  return buf;
 }
-- 
2.30.2