parse: Fix UAF + double-free when ftruncate() fails

1 files changed, 8 insertions, 5 deletions

diff --git a/parse.c b/parse.c
index a7ee3ab..c257f4e 100644
--- a/parse.c
+++ b/parse.c
@@ -336,6 +336,7 @@ static int expr_open(struct parser_state *state, struct expr *expr, const char *
 
 	FILE *file = NULL;
 	CFILE *cfile = NULL;
+	CFILE *dedup = NULL;
 
 	file = xfopen(path, O_WRONLY | O_CREAT | O_CLOEXEC);
 	if (!file) {
@@ -347,7 +348,7 @@ static int expr_open(struct parser_state *state, struct expr *expr, const char *
 		goto fail;
 	}
 
-	CFILE *dedup = bfs_ctx_dedup(ctx, cfile, path);
+	dedup = bfs_ctx_dedup(ctx, cfile, path);
 	if (!dedup) {
 		goto fail;
 	}
@@ -367,10 +368,12 @@ static int expr_open(struct parser_state *state, struct expr *expr, const char *
 
 fail:
 	parse_error(state, "${blu}%s${rs} ${bld}%s${rs}: %m.\n", expr->argv[0], path);
-	if (cfile) {
-		cfclose(cfile);
-	} else if (file) {
-		fclose(file);
+	if (!dedup) {
+		if (cfile) {
+			cfclose(cfile);
+		} else if (file) {
+			fclose(file);
+		}
 	}
 	return -1;
 }