From: Derick Rethans Date: Tue, 4 Sep 2007 11:19:33 +0000 (+0000) Subject: - We have to store the original (allocated) pointer here as it was freed after X-Git-Tag: RELEASE_2_0_0a1~1884 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f009a49ff4cd983ead3645c1e59a6efccb9e32d4;p=php - We have to store the original (allocated) pointer here as it was freed after the pointer itself was modified, otherwise we'll get an invalid free error here. --- diff --git a/main/snprintf.c b/main/snprintf.c index 3db627ef61..f24b146944 100644 --- a/main/snprintf.c +++ b/main/snprintf.c @@ -597,7 +597,7 @@ static int format_converter(register buffy * odp, const char *fmt, va_list ap) / char num_buf[NUM_BUF_SIZE]; char char_buf[2]; /* for printing %% and % */ - zend_bool free_s; /* free string if allocated here */ + char *s_to_free; /* tmp var to keep the string to be freed in */ #ifdef HAVE_LOCALE_H struct lconv *lconv = NULL; @@ -630,7 +630,7 @@ static int format_converter(register buffy * odp, const char *fmt, va_list ap) / alternate_form = print_sign = print_blank = NO; pad_char = ' '; prefix_char = NUL; - free_s = 0; + s_to_free = NULL; s_unicode = 0; fmt++; @@ -989,7 +989,7 @@ fmt_unicode: return (cc); } s = res; - free_s = 1; + s_to_free = s; pad_char = ' '; break; @@ -1202,7 +1202,7 @@ fmt_error: s++; } - if (free_s) efree(s); + if (s_to_free) efree(s_to_free); if (adjust_width && adjust == LEFT && min_width > s_len) PAD(min_width, s_len, pad_char);