From 03332e8812a64293883d9ed4431511a9c912e4e7 Mon Sep 17 00:00:00 2001
From: terminx <terminx@1a8010ca-5511-0410-912e-c29ae57300e0>
Date: Thu, 25 Oct 2018 23:29:25 +0000
Subject: [PATCH] Fix double free in osdcmd_do() and clean up the variable
 definitions while we're there

git-svn-id: https://svn.eduke32.com/eduke32@7084 1a8010ca-5511-0410-912e-c29ae57300e0
---
 source/duke3d/src/astub.cpp | 28 ++++++++++------------------
 1 file changed, 10 insertions(+), 18 deletions(-)

diff --git a/source/duke3d/src/astub.cpp b/source/duke3d/src/astub.cpp
index 926c1e397..ab47b3599 100644
--- a/source/duke3d/src/astub.cpp
+++ b/source/duke3d/src/astub.cpp
@@ -9081,35 +9081,31 @@ static int32_t osdcmd_disasm(osdfuncparm_t const * const parm)
 
 static int32_t osdcmd_do(osdfuncparm_t const * const parm)
 {
-    intptr_t oscrofs;
-    char *tp;
-    int32_t i, j, slen, ofs, dontsavehist;
-    int32_t onumconstants=g_numSavedConstants;
-
     if (parm->numparms==0)
         return OSDCMD_SHOWHELP;
 
-    oscrofs = (g_scriptPtr-apScript);
+    int32_t onumconstants = g_numSavedConstants;
 
-    ofs = 2*(parm->numparms>0);  // true if "do" command
-    slen = Bstrlen(parm->raw+ofs);
-    tp = (char *)Xmalloc(slen+2);
+    intptr_t oscrofs = (g_scriptPtr-apScript);
+    int32_t  ofs     = 2 * (parm->numparms > 0);  // true if "do" command
+    int32_t  slen    = Bstrlen(parm->raw + ofs);
+    char *   tp      = (char *)Xmalloc(slen+2);
 
     Bmemcpy(tp, parm->raw+ofs, slen);
 
     // M32script call from 'special functions' menu
-    dontsavehist = (slen==0 || tp[0]==' ');
+    int32_t dontsavehist = (slen == 0 || tp[0] == ' ');
 
     // needed so that subsequent commands won't execute old stuff.
-    tp[slen] = '\n';
+    tp[slen]   = '\n';
     tp[slen+1] = '\0';
 
     g_didDefineSomething = 0;
 
     C_Compile(tp, 0);
 
-    if (parm->numparms>=0)
-        Bfree(tp);
+    if (parm->numparms >= 0)
+        DO_FREE_AND_NULL(tp);
 
     if (g_numCompilerErrors)
     {
@@ -9118,16 +9114,12 @@ static int32_t osdcmd_do(osdfuncparm_t const * const parm)
         return OSDCMD_OK;
     }
 
-    for (i=0,j=0; i<MAXEVENTS; i++)
-        if (aEventOffsets[i]>=0)
-            j++;
-
     if (g_didDefineSomething == 0)
     {
         g_numSavedConstants = onumconstants;
 
         *g_scriptPtr = CON_RETURN + (g_lineNumber<<12);
-        g_scriptPtr = apScript + oscrofs;
+        g_scriptPtr  = apScript + oscrofs;
 
         insptr = apScript + oscrofs;
         Bmemcpy(&vm, &vm_default, sizeof(vmstate_t));