From 2adac0dad3c09e59421870487bfaa050531034bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= Date: Sun, 5 Jul 2026 11:59:18 +0200 Subject: [PATCH] api: do not free dynamic string on error in function string_dyn_concat --- CHANGELOG.md | 1 + doc/en/weechat_plugin_api.en.adoc | 2 ++ doc/fr/weechat_plugin_api.fr.adoc | 2 ++ doc/it/weechat_plugin_api.it.adoc | 3 +++ doc/ja/weechat_plugin_api.ja.adoc | 3 +++ doc/sr/weechat_plugin_api.sr.adoc | 3 +++ src/core/core-string.c | 6 ++---- 7 files changed, 16 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 39256291a..678929359 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,7 @@ - core: fix possible buffer overflow in command /color alias ([#2330](https://github.com/weechat/weechat/issues/2330)) - core: fix possible buffer overflow in list of commands displayed by /help ([#2330](https://github.com/weechat/weechat/issues/2330)) - core: fix buffer overflow in connection to SOCKS5 proxy ([#2325](https://github.com/weechat/weechat/issues/2325)) +- api: do not free dynamic string on error in function string_dyn_concat - api: fix infinite loop in function string_replace when the search string is empty - irc: limit size of data received from the server to prevent memory exhaustion - irc: fix out-of-bounds read on incoming DCC command with a quoted filename ending the message ([#2322](https://github.com/weechat/weechat/issues/2322)) diff --git a/doc/en/weechat_plugin_api.en.adoc b/doc/en/weechat_plugin_api.en.adoc index 01532a241..59c2e99c8 100644 --- a/doc/en/weechat_plugin_api.en.adoc +++ b/doc/en/weechat_plugin_api.en.adoc @@ -3470,6 +3470,8 @@ Concatenate a string to a dynamic string. The pointer _*string_ can change if the string is reallocated (if there is not enough space to concatenate the string). +In case of error, the dynamic string is left unchanged. + Prototype: [source,c] diff --git a/doc/fr/weechat_plugin_api.fr.adoc b/doc/fr/weechat_plugin_api.fr.adoc index b76e50622..90fd2e280 100644 --- a/doc/fr/weechat_plugin_api.fr.adoc +++ b/doc/fr/weechat_plugin_api.fr.adoc @@ -3528,6 +3528,8 @@ Concaténer une chaîne dans une chaîne dynamique. Le pointeur _*string_ peut changer si la chaîne est réallouée (s'il n'y a pas assez de place pour concaténer la chaîne). +En cas d'erreur, la chaîne dynamique reste inchangée. + Prototype : [source,c] diff --git a/doc/it/weechat_plugin_api.it.adoc b/doc/it/weechat_plugin_api.it.adoc index 4fb7db5a1..8fb69009e 100644 --- a/doc/it/weechat_plugin_api.it.adoc +++ b/doc/it/weechat_plugin_api.it.adoc @@ -3635,6 +3635,9 @@ Concatenate a string to a dynamic string. The pointer _*string_ can change if the string is reallocated (if there is not enough space to concatenate the string). +// TRANSLATION MISSING +In case of error, the dynamic string is left unchanged. + Prototipo: [source,c] diff --git a/doc/ja/weechat_plugin_api.ja.adoc b/doc/ja/weechat_plugin_api.ja.adoc index db6504cff..86333bf00 100644 --- a/doc/ja/weechat_plugin_api.ja.adoc +++ b/doc/ja/weechat_plugin_api.ja.adoc @@ -3585,6 +3585,9 @@ _WeeChat バージョン 1.8 以上で利用可, updated in 3.0_ 文字列が再確保された場合 (文字列を連結するのに十分なサイズが確保されていなかった場合) にはポインタ _*string_ が変わる可能性があります。 +// TRANSLATION MISSING +In case of error, the dynamic string is left unchanged. + プロトタイプ: [source,c] diff --git a/doc/sr/weechat_plugin_api.sr.adoc b/doc/sr/weechat_plugin_api.sr.adoc index 59f16f448..7e635eaa7 100644 --- a/doc/sr/weechat_plugin_api.sr.adoc +++ b/doc/sr/weechat_plugin_api.sr.adoc @@ -3355,6 +3355,9 @@ _WeeChat ≥ 1.8, ажурирано у верзији 3.0._ Показивач на стринг _*string_ може да се промени ако се стринг реалоцира (у случају да нема довољно простора за надовезивање стринга). +// TRANSLATION MISSING +In case of error, the dynamic string is left unchanged. + Прототип: [source,c] diff --git a/src/core/core-string.c b/src/core/core-string.c index 8bfabaef9..4df5f10d1 100644 --- a/src/core/core-string.c +++ b/src/core/core-string.c @@ -4759,6 +4759,8 @@ string_dyn_copy (char **string, const char *new_string) * if the string had to be extended, or the same pointer if there was enough * size to concatenate the new string. * + * In case of error, the dynamic string is left unchanged. + * * Returns: * 1: OK * 0: error @@ -4794,11 +4796,7 @@ string_dyn_concat (char **string, const char *add, int bytes) new_size_alloc = new_size; string_realloc = realloc (ptr_string_dyn->string, new_size_alloc); if (!string_realloc) - { - free (ptr_string_dyn->string); - free (ptr_string_dyn); return 0; - } ptr_string_dyn->string = string_realloc; ptr_string_dyn->size_alloc = new_size_alloc; }