>From 95731736daa93e8d7e24fff7a50dbbdf7a6c45c9 Mon Sep 17 00:00:00 2001
From: Michael Stapelberg <address@hidden>
Date: Sat, 8 Dec 2012 15:49:05 +0100
Subject: [PATCH] Bugfix: Avoid double free of iri->orig_url
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When accessing a URL using IDN which directly redirects to another page,
wget would xfree_null(iri->orig_url); in src/retr.c:retrieve_url()
first, then later xfree_null(iri->orig_url); in src/iri.c:iri_free()
again.

This can be tested with wget -O /dev/null http://μφ.net
---
 src/retr.c |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/retr.c b/src/retr.c
index 32dc41e..1f1c298 100644
--- a/src/retr.c
+++ b/src/retr.c
@@ -838,6 +838,8 @@ retrieve_url (struct url * orig_parsed, const char *origurl, char **file,
       iri->utf8_encode = opt.enable_iri;
       set_content_encoding (iri, NULL);
       xfree_null (iri->orig_url);
+      /* Set orig_url to NULL to avoid double free in iri_free() */
+      iri->orig_url = NULL;
 
       /* Now, see if this new location makes sense. */
       newloc_parsed = url_parse (mynewloc, &up_error_code, iri, true);
-- 
1.7.10.4