From c8812a2d2c8d0ab5e79ddf374e1c2b2235de9810 Mon Sep 17 00:00:00 2001
From: Joseph Hunkeler <jhunkeler@gmail.com>
Date: Wed, 29 Apr 2026 13:19:45 -0400
Subject: split: free on error

---
 src/lib/core/str.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'src/lib/core')

diff --git a/src/lib/core/str.c b/src/lib/core/str.c
index 501c232..c80666b 100644
--- a/src/lib/core/str.c
+++ b/src/lib/core/str.c
@@ -93,7 +93,6 @@ char** split(char *_sptr, const char* delim, size_t max)
     // Duplicate the input string and save a copy of the pointer to be freed later
     char *orig = _sptr;
     char *sptr = strdup(orig);
-
     if (!sptr) {
         return NULL;
     }
@@ -134,6 +133,8 @@ char** split(char *_sptr, const char* delim, size_t max)
         }
         result[i] = calloc(STASIS_BUFSIZ, sizeof(char));
         if (!result[i]) {
+            guard_free(sptr);
+            guard_array_n_free(result, i);
             return NULL;
         }
         strncpy(result[i], token, STASIS_BUFSIZ - 1);
@@ -145,6 +146,8 @@ char** split(char *_sptr, const char* delim, size_t max)
         // append the remaining string contents to array
         result[i] = calloc(STASIS_BUFSIZ, sizeof(char));
         if (!result[i]) {
+            guard_free(sptr);
+            guard_array_n_free(result, i);
             return NULL;
         }
         strncpy(result[i], &orig[pos], STASIS_BUFSIZ - 1);
@@ -227,7 +230,7 @@ char *join_ex(char *separator, ...) {
     result = calloc(size + 1, sizeof(char));
     for (size_t i = 0; i < argc; i++) {
         // Append argument to string
-        strncat(result, argv[i], size - strlen(result)); // no -1 because +1 above
+        strncat(result, argv[i], size - (result ? strlen(result) - 1 : 0)); // no -1 because +1 above
 
         // Do not append a trailing separator when we reach the last argument
         if (i < (argc - 1)) {
-- 
cgit