FACTOR: Avoid freeing indeterminate pointer.

The first test in cmd_factor() is:
    if (!lex_force_match_id (lexer, "VARIABLES"))

If this fails, then control jumps to the "error" label, which frees
factor.vars, which has not been initialized at this point.

This commit fixes the problem by initializing factor.vars to NULL.  It is
not strictly necessary to also initialize factor.n_vars to 0, but it seems
like a good idea.

Found by Clang (http://clang-analyzer.llvm.org).

diff --git a/src/language/stats/factor.c b/src/language/stats/factor.c
index 0679c5f506bff96006e576a0e2d2c3968427bfc0..a53e7334240c63aacfa7adad92f7a3ebdf6d2031 100644 (file)
--- a/src/language/stats/factor.c
+++ b/src/language/stats/factor.c
@@ -524,6 +524,8 @@ cmd_factor (struct lexer *lexer, struct dataset *ds)
   const struct dictionary *dict = dataset_dict (ds);
 
   struct cmd_factor factor;
+  factor.n_vars = 0;
+  factor.vars = NULL;
   factor.method = METHOD_CORR;
   factor.missing_type = MISS_LISTWISE;
   factor.exclude = MV_ANY;