From 60050182703cc647d7fce4f0da669fea8daf62a1 Mon Sep 17 00:00:00 2001
From: robertlipe <robertlipe@f51c46e8-681c-474f-0cfe-069cfd0219fb>
Date: Tue, 31 Dec 2013 16:24:16 +0000
Subject: [PATCH] "fix" use after free in tef.

git-svn-id: http://gpsbabel.googlecode.com/svn/trunk@4674 f51c46e8-681c-474f-0cfe-069cfd0219fb
---
 gpsbabel/tef_xml.cc | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/gpsbabel/tef_xml.cc b/gpsbabel/tef_xml.cc
index daab9674d..707b7c275 100644
--- a/gpsbabel/tef_xml.cc
+++ b/gpsbabel/tef_xml.cc
@@ -127,9 +127,10 @@ tef_list_start(xg_string args, const QXmlStreamAttributes* attrv)
  * fix_notes tries to create a new PointDescription, which
  * should be "Wittlicher Strasse (L34)" for the example above
  */
-
+// FIXME: the calling convention here is screwy.  notes is an input AND
+// output argument and may be modified.
 static char*
-fix_notes(char* name, char* notes)
+fix_notes(const char* name, char* notes)
 {
   const char* cleft, *cright, *cback;
   char* ctmp;
@@ -166,13 +167,13 @@ static char*
 fix_notes(const QString& name, const QString& notes)
 {
 
-// WTH?  fix_notes() modifies the note string...and
-// may reallocate it.
   char* cname = xstrdup(name);
   char* cnotes = xstrdup(notes);
   char *r =  fix_notes(cname, cnotes);
   xfree(cname);
-  xfree(cnotes);
+// WTH?  fix_notes() modifies the note string...and
+// may reallocate it.
+//  xfree(cnotes);
   return r;
 }
 
-- 
2.30.2