fix crash in wordfree if we_offs is not initialized by the caller

I'm not sure if it's legal for wordexp to modify this field, but this
is the only easy/straightforward fix, and applications should not
care. if it's an issue, i can work out a different (but more complex)
solution later.

diff --git a/src/misc/wordexp.c b/src/misc/wordexp.c
index 4a3efc7..34fc900 100644 (file)
--- a/src/misc/wordexp.c
+++ b/src/misc/wordexp.c
@@ -82,6 +82,8 @@ static int do_wordexp(const char *s, wordexp_t *we, int flags)
                if (we->we_offs > SIZE_MAX/sizeof(void *)/4)
                        return WRDE_NOSPACE;
                i += we->we_offs;
                if (we->we_offs > SIZE_MAX/sizeof(void *)/4)
                        return WRDE_NOSPACE;
                i += we->we_offs;

+       } else {
+               we->we_offs = 0;

        }
 
        if (pipe(p) < 0) return WRDE_NOSPACE;
        }
 
        if (pipe(p) < 0) return WRDE_NOSPACE;