Merge pull request 'Fixed more memory leaks in new features' (#584) from dandelions/snac2:pr-leaks-1 into master

Reviewed-on: https://codeberg.org/grunfink/snac2/pulls/584
author: grunfink 2026-03-17 20:01:15 +0100
committer: grunfink 2026-03-17 20:01:15 +0100
commit: 275685d2eaded279d70212a960f732bf4cd9a1a6 (patch)
tree: 42ff09af85866df81b96eb385d677db5778b8052
parent: Merge pull request 'Fixed buffer overflow read in `xs_evp_genkey()` when crea... (diff)
parent: fix: more memory leaks (diff)
download: snac2-275685d2eaded279d70212a960f732bf4cd9a1a6.tar.gz
snac2-275685d2eaded279d70212a960f732bf4cd9a1a6.tar.xz
snac2-275685d2eaded279d70212a960f732bf4cd9a1a6.zip
2 files changed, 21 insertions, 9 deletions
diff --git a/activitypub.c b/activitypub.c
index 0535269..ed9acf9 100644
--- a/activitypub.c
+++ b/activitypub.c
@@ -645,12 +645,13 @@ xs_list *recipient_list(snac *snac, const xs_dict *msg, int expand_public)
        while (xs_list_iter(&l, &v)) {
            if (expand_public) {
+                xs *followers_url = xs_fmt("%s/followers", snac->actor);
                if (strcmp(v, public_address) == 0 ||
                    /* check if it's a followers collection URL */
                    (xs_type(v) == XSTYPE_STRING &&
-                        strcmp(v, xs_fmt("%s/followers", snac->actor)) == 0) ||
+                        strcmp(v, followers_url) == 0) ||
                    (xs_type(v) == XSTYPE_LIST &&
-                        xs_list_in(v, xs_fmt("%s/followers", snac->actor)) != -1)) {
+                        xs_list_in(v, followers_url) != -1)) {
                    /* iterate the followers and add them */
                    xs *fwers = follower_list(snac);
                    const char *actor;
@@ -1624,6 +1625,7 @@ xs_dict *msg_emoji_init(snac *snac, const char *mid, const char *eid_o)
    else if (*eid == '%') {
        content = xs_url_dec_emoji(xs_dup(eid));
        if (content == NULL) {
+            xs_free(n_msg);
            return NULL;
        }
    }
@@ -1631,8 +1633,10 @@ xs_dict *msg_emoji_init(snac *snac, const char *mid, const char *eid_o)
        content = xs_fmt(":%s:", eid);
        const char *emo = xs_dict_get(emjs, content);
-        if (emo == NULL)
+        if (emo == NULL) {
+            xs_free(n_msg);
            return NULL;
+        }
        if (xs_match(emo, "https://*|http://*")) { /* emoji is an URL to an image */
            icon = xs_dict_set(icon, "type", "Image");
@@ -1667,9 +1671,10 @@ xs_dict *msg_emoji_init(snac *snac, const char *mid, const char *eid_o)
    accounts = xs_list_append(accounts, snac->actor);
+    xs *to_duplicate = xs_dup(xs_list_get(xs_dict_get(n_msg, "to"), 1));
    n_msg = xs_dict_set(n_msg, "content", content);
    n_msg = xs_dict_set(n_msg, "accounts", accounts);
-    n_msg = xs_dict_set(n_msg, "attributedTo", xs_list_get(xs_dict_get(n_msg, "to"), 1));
+    n_msg = xs_dict_set(n_msg, "attributedTo", to_duplicate);
    n_msg = xs_dict_set(n_msg, "accountId", snac->uid);
    n_msg = xs_dict_set(n_msg, "tag", tag);
@@ -1679,6 +1684,7 @@ xs_dict *msg_emoji_init(snac *snac, const char *mid, const char *eid_o)
        return n_msg;
    }
+    xs_free(n_msg);
    return NULL;
 }
@@ -1710,13 +1716,14 @@ xs_dict *msg_emoji_unreact(snac *user, const char *mid, const char *eid)
    if (strlen(eid) == 12 && *eid == '%') {
        eid = xs_url_dec(eid);
        if (eid == NULL) {
+            xs_free(msg);
            return NULL;
        }
    }
    /* lets get all emotes for this msg, and compare it to our content */
    while (xs_list_next(emotes, &v, &c)) {
-        xs_dict *e = NULL;
+        xs *e = NULL;
        if (valid_status(object_get_by_md5(v, &e))) {
            const char *content = xs_dict_get(e, "content");
            const char *id = xs_dict_get(e, "id");
@@ -1730,6 +1737,7 @@ xs_dict *msg_emoji_unreact(snac *user, const char *mid, const char *eid)
        }
    }
+    xs_free(msg);
    return NULL;
 }
diff --git a/html.c b/html.c
index af054a7..9f5ca1d 100644
--- a/html.c
+++ b/html.c
@@ -4112,7 +4112,7 @@ void notify_filter(snac *user, const xs_dict *p_vars)
    int folreq_on = (v = xs_dict_get(p_vars, "folreqs_on")) ? strcmp(v, "on") == 0 : 0;
    int blocks_on = (v = xs_dict_get(p_vars, "blocks_on")) ? strcmp(v, "on") == 0 : 0;
    int polls_on  = (v = xs_dict_get(p_vars, "polls_on")) ? strcmp(v, "on") == 0 : 0;
-    xs_dict *filter = xs_dict_new();
+    xs *filter = xs_dict_new();
    filter = xs_dict_set(filter, "likes", xs_stock(likes_on ? XSTYPE_TRUE : XSTYPE_FALSE));
    filter = xs_dict_set(filter, "reacts", xs_stock(reacts_on ? XSTYPE_TRUE : XSTYPE_FALSE));
    filter = xs_dict_set(filter, "mentions", xs_stock(ments_on ? XSTYPE_TRUE : XSTYPE_FALSE));
@@ -4123,6 +4123,7 @@ void notify_filter(snac *user, const xs_dict *p_vars)
    filter = xs_dict_set(filter, "blocks", xs_stock(blocks_on ? XSTYPE_TRUE : XSTYPE_FALSE));
    filter = xs_dict_set(filter, "polls", xs_stock(polls_on ? XSTYPE_TRUE : XSTYPE_FALSE));
    user->config = xs_dict_set(user->config, "notify_filter", filter);
+    user->tz = xs_dict_get_def(user->config, "tz", "UTC"); // previous line invalidates user->tz
 }
 xs_str *html_notifications(snac *user, int skip, int show)
@@ -4138,7 +4139,9 @@ xs_str *html_notifications(snac *user, int skip, int show)
    xs_html *body = html_user_body(user, 0);
    const xs_dict *n_filter = xs_dict_get(user->config, "notify_filter");
    if (!n_filter) {
-        user->config = xs_dict_set(user->config, "notify_filter", xs_dict_new());
+        xs *filter = xs_dict_new();
+        user->config = xs_dict_set(user->config, "notify_filter", filter);
+        user->tz = xs_dict_get_def(user->config, "tz", "UTC"); // previous line invalidates user->tz
        n_filter = xs_dict_get(user->config, "notify_filter");
    }
    xs *n_list = notify_filter_list(user, n_list_unfilt);
@@ -4159,6 +4162,7 @@ xs_str *html_notifications(snac *user, int skip, int show)
        body);
    xs *filter_notifs_action = xs_fmt("%s/admin/filter-notifications", user->actor);
+    xs *notifs_action = xs_fmt("%s/notifications", user->actor);
    xs_html *notifs_form = xs_html_tag("form",
        xs_html_attr("autocomplete", "off"),
        xs_html_attr("method",       "post"),
@@ -4168,7 +4172,7 @@ xs_str *html_notifications(snac *user, int skip, int show)
        xs_html_sctag("input",
            xs_html_attr("type",    "hidden"),
            xs_html_attr("name",    "hard-redir"),
-            xs_html_attr("value",   xs_fmt("%s/notifications", user->actor))),
+            xs_html_attr("value",   notifs_action)),
        html_checkbox("likes_on", L("Likes"), n_likes_on),
        html_checkbox("reacts_on", L("Emoji reacts"), n_reacts_on),
        html_checkbox("mentions_on", L("Mentions"), n_ments_on),
@@ -5569,7 +5573,7 @@ int html_post_handler(const xs_dict *req, const char *q_path,
            eid = xs_strip_chars_i(eid, ":");
-            const xs_dict *ret = msg_emoji_init(&snac, id, eid);
+            xs *ret = msg_emoji_init(&snac, id, eid);
            /* fails if either invalid or already reacted */
            if (!ret)
                ret = msg_emoji_unreact(&snac, id, eid);
author	grunfink	2026-03-17 20:01:15 +0100
committer	grunfink	2026-03-17 20:01:15 +0100
commit	275685d2eaded279d70212a960f732bf4cd9a1a6 (patch)
tree	42ff09af85866df81b96eb385d677db5778b8052
parent	Merge pull request 'Fixed buffer overflow read in `xs_evp_genkey()` when crea... (diff)
parent	fix: more memory leaks (diff)
download	snac2-275685d2eaded279d70212a960f732bf4cd9a1a6.tar.gz snac2-275685d2eaded279d70212a960f732bf4cd9a1a6.tar.xz snac2-275685d2eaded279d70212a960f732bf4cd9a1a6.zip