From: Ben Pfaff <blp@gnu.org>
Date: Mon, 15 Feb 2010 22:41:55 +0000 (-0800)
Subject: FACTOR: Avoid freeing indeterminate pointer.
X-Git-Tag: v0.7.5~152
X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=200dd4d96febeef4ed0720dfca7fa988676c6afe;p=pspp-builds.git

FACTOR: Avoid freeing indeterminate pointer.

The first test in cmd_factor() is:
    if (!lex_force_match_id (lexer, "VARIABLES"))

If this fails, then control jumps to the "error" label, which frees
factor.vars, which has not been initialized at this point.

This commit fixes the problem by initializing factor.vars to NULL.  It is
not strictly necessary to also initialize factor.n_vars to 0, but it seems
like a good idea.

Found by Clang (http://clang-analyzer.llvm.org).
---

diff --git a/src/language/stats/factor.c b/src/language/stats/factor.c
index 0679c5f5..a53e7334 100644
--- a/src/language/stats/factor.c
+++ b/src/language/stats/factor.c
@@ -524,6 +524,8 @@ cmd_factor (struct lexer *lexer, struct dataset *ds)
   const struct dictionary *dict = dataset_dict (ds);
 
   struct cmd_factor factor;
+  factor.n_vars = 0;
+  factor.vars = NULL;
   factor.method = METHOD_CORR;
   factor.missing_type = MISS_LISTWISE;
   factor.exclude = MV_ANY;