From: Nathan Wagner <nw@hydaspes.if.org>
Date: Sun, 16 Sep 2018 17:23:28 +0000 (+0000)
Subject: fix double free bug
X-Git-Tag: v0.1.6~24
X-Git-Url: https://pd.if.org/git/?p=zpackage;a=commitdiff_plain;h=dfd3c5a3be3e1857b7f85bb01aa7b09b4f721380

fix double free bug
---

diff --git a/lib/findpkg.c b/lib/findpkg.c
index 865f407..6f69876 100644
--- a/lib/findpkg.c
+++ b/lib/findpkg.c
@@ -94,7 +94,7 @@ void zpm_sqlite_error(struct zpm *zpm) {
 
 char *zpm_findpkg(struct zpm *zpm, char *pkgstr) {
 	char *select = "select pkgid, package, version, release from packages_pkgid";
-	char *group = "group by package having max( version||'-'||release collate vercmp) order by length(package), package, version||'-'||release collate vercmp limit 1";
+	char *group = "group by package having max( version||'-'||release collate vercmp) order by length(package), package, version||'-'||release collate vercmp";
 #if 0
 	char *sstr[] = {
 		"status = 'installed'",
@@ -106,7 +106,7 @@ char *zpm_findpkg(struct zpm *zpm, char *pkgstr) {
 //	char *order = "order by package, version collate vercmp, cast(release as integer)";
 	sqlite3_str *sql;
 	sqlite3_stmt *stmt;
-	char *query;
+	char *query, *pkgid;
 	char package[32];
 	char version[32];
 	int release;
@@ -132,9 +132,9 @@ char *zpm_findpkg(struct zpm *zpm, char *pkgstr) {
 
 	sql = sqlite3_str_new(zpm->db);
 	sqlite3_str_appendall(sql, select);
-	sqlite3_str_appendf(sql, " where package = %q", package);
+	sqlite3_str_appendf(sql, " where package = %Q", package);
 	if (*version) {
-		sqlite3_str_appendf(sql, " and version = %q", version);
+		sqlite3_str_appendf(sql, " and version = %Q", version);
 	}
 	if (release) {
 		sqlite3_str_appendf(sql, " and release = %d", release);
@@ -152,12 +152,16 @@ char *zpm_findpkg(struct zpm *zpm, char *pkgstr) {
 	sqlite3_prepare_v2(zpm->db, query, strlen(query), &stmt, NULL);
 	sqlite3_free(query);
 
-	free(zpm->pkgid);
+#if 0
+	if (zpm->pkgid) {
+		free(zpm->pkgid);
+	}
 	zpm->pkgid = 0;
+#endif
 
 	switch (sqlite3_step(stmt)) {
 		case SQLITE_ROW:
-			zpm->pkgid = strdup((const char *)sqlite3_column_text(stmt, 0));
+			pkgid = strdup((const char *)sqlite3_column_text(stmt, 0));
 			break;
 		case SQLITE_DONE:
 			/* not found */
@@ -168,5 +172,5 @@ char *zpm_findpkg(struct zpm *zpm, char *pkgstr) {
 	}
 	sqlite3_finalize(stmt);
 
-	return zpm->pkgid;
+	return pkgid;
 }
diff --git a/lib/script_hash.c b/lib/script_hash.c
index d4f03fa..c559e87 100644
--- a/lib/script_hash.c
+++ b/lib/script_hash.c
@@ -6,8 +6,8 @@
 #include "zpm.h"
 
 int zpm_script_hash(struct zpm *zpm, char *pkgstr, char *phase, char *hash) {
-	char *pkgid;
-	char *template = "select hash from scripts_pkgid where pkgid = %q and phase = %q";
+	char *pkgid = 0;
+	char *template = "select hash from scripts_pkgid where pkgid = %Q and phase = %Q";
 	sqlite3_stmt *st;
 
 	pkgid = zpm_findpkg(zpm, pkgstr);