Overview
| Artifact ID: | 3d071d49fa953dacac3c65d84236a3e6954099b5 |
|---|---|
| Ticket: | 6dba56543b89dc41463174c63c9f11e798c9cfb4 fossil ticket --quote segfaults when adding to the comment |
| User & Date: | drh 2012-08-08 11:21:37 |
Changes
- comment changed to:
<pre>
$ fossil new foo.fossil
...
$ fossil ticket -R foo.fossil add title test
ticket add succeeded for UID a0e7afe56ceaf2e28dfa79bc1db34aa2a767e7c1
$ fossil ticket -R foo.fossil change a0e7afe56 comment 'foo' --quote
ticket set succeeded for UID a0e7afe56ceaf2e28dfa79bc1db34aa2a767e7c1
$ fossil ticket -R foo.fossil change a0e7afe56 +comment 'foo' --quote
segmentation fault
</pre>

<hr /><i>mistachkin added on 2012-08-08 03:47:31 UTC:</i><br />
Reading the code, I'm somewhat confused about the proposed fix. Perhaps it should be something like this instead, given the nature of the other <b>if</b> block enclosed with <b>if( tktEncoding == tktFossilize )</b>?

<verbatim>
Index: src/tkt.c ================================================================== --- src/tkt.c +++ src/tkt.c @@ -1167,11 +1167,11 @@ }else{ blob_appendf(&tktchng, "J%s%s %#F\n", zPfx, azField[i], strlen(zValue), zValue); } if( tktEncoding == tktFossilize ){ - free(azValue[i]); + free(zFValue); } } blob_appendf(&tktchng, "K %s\n", zTktUuid); blob_appendf(&tktchng, "U %F\n", zUser); md5sum_blob(&tktchng, &cksum);
</verbatim>

<hr /><i>rmax added on 2012-08-08 11:18:20 UTC:</i><br />
Indeed, the distinction whether it is azAppend[i] or azValue[i] that needs to be freed is already being made two if blocks above, so we don't need to repeat it here and can just free zValue.
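
Review bot: `free(zFValue);` in the `if( tktEncoding == tktFossilize )` block frees a name that appears nowhere in the visible context of the hunk, where the value being written is `zValue` (`strlen(zValue), zValue`). Please confirm that the pointer freed here is exactly the one the fossilize step allocated earlier in the loop, for both the `azValue[i]` and the `azAppend[i]` case, since the reproduction in the ticket crashes only for `+comment` while plain `comment` succeeds. If that pointer is `zValue`, free `zValue`, as rmax's reply suggests. The `free()` should also stay under the same `tktFossilize` condition as the allocation, so that a pointer which was never allocated in this loop is not passed to `free()`, and a regression test covering `+comment 'foo' --quote` would be worth adding alongside the fix.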