From 2c06c5e38ba1c42733a27444b457b7b67afb8417 Mon Sep 17 00:00:00 2001 From: Kayne Ruse Date: Fri, 20 Jan 2023 13:45:00 +0000 Subject: [PATCH] BUGFIX: Buffer overflow --- repl/lib_runner.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/repl/lib_runner.c b/repl/lib_runner.c index eb59132..22aa42f 100644 --- a/repl/lib_runner.c +++ b/repl/lib_runner.c @@ -45,7 +45,7 @@ static int nativeLoadScript(Interpreter* interpreter, LiteralArray* arguments) { RefString* path = createRefStringLength( &toCString(drivePath)[driveLength + 1], lengthRefString(drivePath) - driveLength ); //get the real drive file path - Literal driveLiteral = TO_STRING_LITERAL(drive); + Literal driveLiteral = TO_STRING_LITERAL(drive); //NOTE: driveLiteral takes ownership of the refString Literal realDriveLiteral = getLiteralDictionary(getDriveDictionary(), driveLiteral); if (!IS_STRING(realDriveLiteral)) { @@ -54,7 +54,6 @@ static int nativeLoadScript(Interpreter* interpreter, LiteralArray* arguments) { interpreter->errorOutput("\n"); freeLiteral(realDriveLiteral); freeLiteral(driveLiteral); - deleteRefString(drive); deleteRefString(path); deleteRefString(drivePath); freeLiteral(drivePathLiteral); @@ -65,15 +64,13 @@ static int nativeLoadScript(Interpreter* interpreter, LiteralArray* arguments) { RefString* realDrive = copyRefString(AS_STRING(realDriveLiteral)); int realLength = lengthRefString(realDrive) + lengthRefString(path); - char* filePath = ALLOCATE(char, realLength) +1 + 1; //+1 for null + char* filePath = ALLOCATE(char, realLength + 1); //+1 for null snprintf(filePath, realLength, "%s%s", toCString(realDrive), toCString(path)); //clean up the drivepath stuff - FREE_ARRAY(char, filePath, realLength); deleteRefString(realDrive); freeLiteral(realDriveLiteral); freeLiteral(driveLiteral); - deleteRefString(drive); deleteRefString(path); deleteRefString(drivePath); freeLiteral(drivePathLiteral); 
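Review bot: In the `@@ -65,15 +64,13 @@` hunk the buffer is now `realLength + 1` bytes, but the unchanged `snprintf` call is still given `realLength` as its size and its return value is not checked. If `lengthRefString(path)` is the true character count, the last character of the joined path is silently dropped and a different file name reaches the loader. It may only work today because the context line in the first hunk builds `path` with `lengthRefString(drivePath) - driveLength` from offset `driveLength + 1`, which looks one longer than the remaining text; that is worth confirming. I would pass the allocated size and reject truncation: `int n = snprintf(filePath, realLength + 1, "%s%s", toCString(realDrive), toCString(path));` followed by `if (n < 0 || n > realLength) { /* release filePath and report the error */ }`. The body of nativeLoadScript starts and ends outside these hunks.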
@@ -105,6 +102,8 @@ static int nativeLoadScript(Interpreter* interpreter, LiteralArray* arguments) { Literal runnerLiteral = TO_OPAQUE_LITERAL(runner, OPAQUE_TAG_RUNNER); pushLiteralArray(&interpreter->stack, runnerLiteral); + FREE_ARRAY(char, filePath, realLength); + return 1; }
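Review bot: `FREE_ARRAY(char, filePath, realLength)` releases the buffer with a count one smaller than the `ALLOCATE(char, realLength + 1)` this commit introduces earlier in the function. If the allocator uses the old count for accounting or size checks, the mismatch will skew it; `FREE_ARRAY(char, filePath, realLength + 1);` keeps the two in step. The free now sits only on the final success path, so any early `return` between the allocation and this line would leak `filePath` and needs the same release; that code is outside the hunk, so this should be checked against the full function. The function body begins outside this hunk.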