Fix memory corruption on error in parse_selector_schema

Author: mgreter

src/eval.cpp

@@ -1783,11 +1783,28 @@ namespace Sass {
     Expression_Obj sel = s->contents()->perform(this);
     std::string result_str(sel->to_string(ctx.c_options));
     result_str = unquote(Util::rtrim(result_str));
-    Parser p = Parser::from_c_str(result_str.c_str(), ctx, s->pstate());
+    char* temp_cstr = sass_copy_c_string(result_str.c_str());
+    ctx.strings.push_back(temp_cstr); // attach to context
+    Parser p = Parser::from_c_str(temp_cstr, ctx, s->pstate());
     p.last_media_block = s->media_block();
     // a selector schema may or may not connect to parent?
     bool chroot = s->connect_parent() == false;
     Selector_List_Obj sl = p.parse_selector_list(chroot);
+    auto vec_str_rend = ctx.strings.rend();
+    auto vec_str_rbegin = ctx.strings.rbegin();
+    // remove the first item searching from the back
+    // we cannot assume our item is still the last one
+    // order is not important, so we can optimize this
+    auto it = std::find(vec_str_rbegin, vec_str_rend, temp_cstr);
+    // undefined behavior if not found!
+    if (it != vec_str_rend) {
+      // overwrite with last item
+      *it = ctx.strings.back();
+      // remove last one from vector
+      ctx.strings.pop_back();
+      // free temporary copy
+      free(temp_cstr);
+    }
     flag_is_in_selector_schema.reset();
     return operator()(sl);
   }

src/file.cpp

@@ -415,7 +415,7 @@ namespace Sass {
           file.seekg(0, std::ios::beg);
           file.read(contents, size);
           contents[size+0] = '\0';
-          contents[size+0] = '\0';
+          contents[size+1] = '\0';
           file.close();
         }
       #endif