Fix segfault when parsing config file.

Signed-off-by: Tim Retout <diocles@gnu.org>

diff --git a/ChangeLog b/ChangeLog
index e296045..2abf1bc 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2010-06-02  Tim Retout  <diocles@gnu.org>
+
+       Fix Savannah bug #28769 (segfault when parsing config file).
+
+       * src/util.c (CFG_FATAL): Call buffer_ptr on &fname to get
+       configuration filename.
+       * src/util.c (read_config): Delay buffer_uninit call on fname
+       until return points.
+
 2010-03-17  Juergen Daubert  <jue@jue.li>
        * src/main.c: Fix ngettext calls to use '1' explicitly.  Fixes
        Savannah bug #29198.

diff --git a/src/util.c b/src/util.c
index 39b8441..17d89e7 100644 (file)
--- a/src/util.c
+++ b/src/util.c
@@ -30,7 +30,7 @@
 
 #define CFG_FATAL(body)                                                \
   do {                                                         \
-    fprintf (stderr, "%s:%s:%d: ", program, fname, line);      \
+    fprintf (stderr, "%s:%s:%d: ", program, buffer_ptr(&fname), line); \
     fprintf body;                                              \
     fprintf (stderr, "\n");                                    \
     fflush (stderr);                                           \
@@ -108,10 +108,13 @@ read_config (char *path, char *file)
 
   fp = fopen (buffer_ptr (&fname), "r");
 
-  buffer_uninit (&fname);
+  /* We wait to uninit the buffer so that CFG_FATAL can use it. */
 
   if (fp == NULL)
-    return 0;
+    {
+      buffer_uninit (&fname);
+      return 0;
+    }
 
   while (fgets (buf, sizeof (buf), fp))
     {
@@ -436,6 +439,8 @@ read_config (char *path, char *file)
       else
        CFG_FATAL ((stderr, _("illegal option: %s"), token));
     }
+
+  buffer_uninit (&fname);
   return 1;
 }