From 4ec966263444dfae8837cd73b980cfdb9aabd93f Mon Sep 17 00:00:00 2001
From: Tavian Barnes <tavianator@tavianator.com>
Date: Wed, 19 Oct 2022 15:30:48 -0400
Subject: parse: Don't free uninitialized data on error paths

---
 src/parse.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/src/parse.c b/src/parse.c
index fbb095d..15feac1 100644
--- a/src/parse.c
+++ b/src/parse.c
@@ -136,6 +136,19 @@ struct bfs_expr *bfs_expr_new(bfs_eval_fn *eval_fn, size_t argc, char **argv) {
 	expr->successes = 0;
 	expr->elapsed.tv_sec = 0;
 	expr->elapsed.tv_nsec = 0;
+
+	// Prevent bfs_expr_free() from freeing uninitialized pointers on error paths
+	if (bfs_expr_has_children(expr)) {
+		expr->lhs = NULL;
+		expr->rhs = NULL;
+	} else if (eval_fn == eval_exec) {
+		expr->exec = NULL;
+	} else if (eval_fn == eval_fprintf) {
+		expr->printf = NULL;
+	} else if (eval_fn == eval_regex) {
+		expr->regex = NULL;
+	}
+
 	return expr;
 }
 
-- 
cgit v1.2.3