Always give heap-allocated strings to sanitize_sql_qtr

author: Tristan Riehs <tristan.riehs@inria.fr> 2026-02-17 19:35:49 +0100
committer: Tristan Riehs <tristan.riehs@inria.fr> 2026-02-17 19:35:49 +0100
commit: 2693ddd9843e0095496b21eda03f667b10666c33 (patch)
tree: 4dc039d3fe1d6d74dba028b9a0ddc925bcedbba3
parent: c91928f04464fa6586acf921d2b0530af4aab82e (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/src/main.c b/src/main.c
index fc04f56..9b85a21 100644
--- a/src/main.c
+++ b/src/main.c
@@ -1232,7 +1232,7 @@ static void ftag_tag_add(int argc, char **argv)
 		fprintf(stderr, "Usage: ftag tag add NAME DESCRIPTION\n");
 		exit(EXIT_FAILURE);
 	}
-	char *new_tag_name = argv[0];
+	char *new_tag_name = strdup(argv[0]);
 	assert(strlen(new_tag_name) <= 255);
 	sanitize_sql_str(&new_tag_name);
 
@@ -1249,7 +1249,7 @@ static void ftag_tag_add(int argc, char **argv)
 	sqlite3_check(rc, db);
 
 	int next_id = table_next_id(db, "tags");
-	char *new_tag_desc = argv[1];
+	char *new_tag_desc = strdup(argv[1]);
 	assert(strlen(new_tag_desc) <= 600);
 	sanitize_sql_str(&new_tag_desc);
 	strbuild(sql, "INSERT INTO tags VALUES(%d, '%s', '%s');",
@@ -1257,6 +1257,8 @@ static void ftag_tag_add(int argc, char **argv)
 	rc = sqlite3_exec(db, sql, NULL, NULL, NULL);
 	sqlite3_check(rc, db);
 	sqlite3_close(db);
+	free(new_tag_name);
+	free(new_tag_desc);
 }
 
 static void ftag_tag_help(int, char **)
author	Tristan Riehs <tristan.riehs@inria.fr>	2026-02-17 19:35:49 +0100
committer	Tristan Riehs <tristan.riehs@inria.fr>	2026-02-17 19:35:49 +0100
commit	2693ddd9843e0095496b21eda03f667b10666c33 (patch)
tree	4dc039d3fe1d6d74dba028b9a0ddc925bcedbba3
parent	c91928f04464fa6586acf921d2b0530af4aab82e (diff)