From 3bd214defc9881f9e3ddf2dad34c7337aee3a60a Mon Sep 17 00:00:00 2001
From: Tim Retout <diocles@gnu.org>
Date: Wed, 2 Jun 2010 00:05:56 +0100
Subject: [PATCH] Fix segfault when parsing config file.

Signed-off-by: Tim Retout <diocles@gnu.org>
---
 ChangeLog  |  9 +++++++++
 src/util.c | 11 ++++++++---
 2 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index e296045..2abf1bc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2010-06-02  Tim Retout  <diocles@gnu.org>
+
+	Fix Savannah bug #28769 (segfault when parsing config file).
+
+	* src/util.c (CFG_FATAL): Call buffer_ptr on &fname to get
+	configuration filename.
+	* src/util.c (read_config): Delay buffer_uninit call on fname
+	until return points.
+
 2010-03-17  Juergen Daubert  <jue@jue.li>
 	* src/main.c: Fix ngettext calls to use '1' explicitly.  Fixes
 	Savannah bug #29198.
diff --git a/src/util.c b/src/util.c
index 39b8441..17d89e7 100644
--- a/src/util.c
+++ b/src/util.c
@@ -30,7 +30,7 @@
 
 #define CFG_FATAL(body)						\
   do {								\
-    fprintf (stderr, "%s:%s:%d: ", program, fname, line);	\
+    fprintf (stderr, "%s:%s:%d: ", program, buffer_ptr(&fname), line); \
     fprintf body;						\
     fprintf (stderr, "\n");					\
     fflush (stderr);						\
@@ -108,10 +108,13 @@ read_config (char *path, char *file)
 
   fp = fopen (buffer_ptr (&fname), "r");
 
-  buffer_uninit (&fname);
+  /* We wait to uninit the buffer so that CFG_FATAL can use it. */
 
   if (fp == NULL)
-    return 0;
+    {
+      buffer_uninit (&fname);
+      return 0;
+    }
 
   while (fgets (buf, sizeof (buf), fp))
     {
@@ -436,6 +439,8 @@ read_config (char *path, char *file)
       else
 	CFG_FATAL ((stderr, _("illegal option: %s"), token));
     }
+
+  buffer_uninit (&fname);
   return 1;
 }
 
-- 
2.17.1