From 2293eb3c8c80d93ba0988b46344c5785d53d35f4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=81lvaro=20Felipe=20Melchor?=
Date: Sun, 5 Jul 2015 19:48:41 +0200
Subject: [PATCH] Fix #2855 - use after free in r_num_calc_index
---
 libr/core/core.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/libr/core/core.c b/libr/core/core.c
index 30331f02735aa..9143bfbff72ae 100644
--- a/libr/core/core.c
+++ b/libr/core/core.c
@@ -141,12 +141,14 @@ static ut64 num_callback(RNum *userptr, const char *str, int *ok) {
 }
 // push state
 {
- char *o = strdup (str+1);
- const char *q = r_num_calc_index (core->num, NULL);
- r_str_replace_char (o, ']', 0);
- n = r_num_math (core->num, o);
- r_num_calc_index (core->num, q);
- free (o);
+ if (str[1]) {
+ char *o = strdup (str+1);
+ const char *q = r_num_calc_index (core->num, NULL);
+ r_str_replace_char (o, ']', 0);
+ n = r_num_math (core->num, o);
+ r_num_calc_index (core->num, q);
+ free (o);
+ }
 }
 // pop state
 if (ok) *ok = 1;
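Review bot: When `str[1]` is empty the new guard skips the whole push/pop block, yet nothing in the hunk assigns `n` on that path and the trailing `if (ok) *ok = 1;` still reports success, so the caller receives whatever `n` held before. `num_callback` starts and ends outside the hunk, so `n` may already be initialised there; if it is not, add an `else` branch with `n = 0;` and `if (ok) *ok = 0;` so an empty expression is rejected rather than accepted with a stale value. Separately, the result of `strdup (str+1)` goes into `r_str_replace_char (o, ']', 0)` and `r_num_math` without a NULL check; wrapping those calls in `if (o) { ... }` would keep an allocation failure out of both helpers. A one-line comment on the guard, for example `// empty expression: do not re-enter r_num_math (#2855)`, would record why the check exists.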