From: Ben Pfaff <blp@gnu.org>
Date: Mon, 15 Feb 2010 22:41:55 +0000 (-0800)
Subject: FACTOR: Avoid freeing indeterminate pointer.
X-Git-Tag: sav-api~393
X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=200dd4d96febeef4ed0720dfca7fa988676c6afe;p=pspp

FACTOR: Avoid freeing indeterminate pointer.

The first test in cmd_factor() is:
    if (!lex_force_match_id (lexer, "VARIABLES"))

If this fails, then control jumps to the "error" label, which frees
factor.vars, which has not been initialized at this point.

This commit fixes the problem by initializing factor.vars to NULL.  It is
not strictly necessary to also initialize factor.n_vars to 0, but it seems
like a good idea.

Found by Clang (http://clang-analyzer.llvm.org).
---

diff --git a/src/language/stats/factor.c b/src/language/stats/factor.c
index 0679c5f506..a53e733424 100644
--- a/src/language/stats/factor.c
+++ b/src/language/stats/factor.c
@@ -524,6 +524,8 @@ cmd_factor (struct lexer *lexer, struct dataset *ds)
   const struct dictionary *dict = dataset_dict (ds);
 
   struct cmd_factor factor;
+  factor.n_vars = 0;
+  factor.vars = NULL;
   factor.method = METHOD_CORR;
   factor.missing_type = MISS_LISTWISE;
   factor.exclude = MV_ANY;