From 661099bd8da61f97fc3f775dfe1ec5d088fd730d Mon Sep 17 00:00:00 2001
From: Joseph Hunkeler <jhunkeler@gmail.com>
Date: Thu, 30 Jan 2025 23:47:05 -0500
Subject: Duplicate basename to avoid invalid read

---
 src/cli/stasis_indexer/junitxml_report.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/cli/stasis_indexer/junitxml_report.c b/src/cli/stasis_indexer/junitxml_report.c
index d7d8f9a..c3da168 100644
--- a/src/cli/stasis_indexer/junitxml_report.c
+++ b/src/cli/stasis_indexer/junitxml_report.c
@@ -28,7 +28,7 @@ static int write_report_output(struct Delivery *ctx, FILE *destfp, const char *x
         }
 
         char *bname_tmp = strdup(xmlfilename);
-        char *bname = path_basename(bname_tmp);
+        char *bname = strdup(path_basename(bname_tmp));
         if (endswith(bname, ".xml")) {
             bname[strlen(bname) - 4] = 0;
         }
@@ -51,6 +51,8 @@ static int write_report_output(struct Delivery *ctx, FILE *destfp, const char *x
 
         snprintf(result_outfile, sizeof(result_outfile) - strlen(bname) - 3, "%s.md",
                  bname);
+        guard_free(bname);
+
         FILE *resultfp = fopen(result_outfile, "w+");
         if (!resultfp) {
             SYSERROR("Unable to open %s for writing", result_outfile);
-- 
cgit