Unsafe use of asprintf / unchecked return values #168

@tibirna

Identified by Proton's Lumo AI agent

What the code does

Several places (e.g., in src/git.cpp and src/listview.cpp) build command strings with asprintf:

char *cmd = nullptr; asprintf(&cmd, "git log %s", args);

The return value of asprintf is ignored, and the allocated buffer is later passed to QProcess/MyProcess without verifying that the allocation succeeded.

Why it’s a fault

If the system runs out of memory, asprintf returns -1 and leaves cmd as nullptr. Passing a null pointer to the subsequent runSync/runAsync calls triggers undefined behaviour (often a crash).
Even when allocation succeeds, the code never frees the buffer, leaking memory each time a Git command is executed.

Typical symptom

Random crashes when opening very large repositories or when the app has been running for a long time (memory pressure builds up).

Fix‑point

Check the return value of asprintf, handle the error gracefully (e.g., show a user‑friendly “out‑of‑memory” message), and free(cmd) after the command has been handed off.
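
A sketch of the checked pattern described in this issue, added here as an example and not taken from the project's code. `format_checked`, `run_git_log`, `run_command` (a hypothetical stand-in for the runSync/runAsync hand-off) and the `failing_vasprintf` failure injector are assumed names, and the stand-in is assumed to copy the string before the buffer is released.

```cpp
// Added example, not the project's code: run_command() is a hypothetical
// stand-in for the hand-off to runSync/runAsync.
#include <cstdarg>
#include <cstdio>
#include <cstdlib>
#include <memory>
#include <string>

struct FreeDeleter { void operator()(char *p) const { std::free(p); } };
using CStr = std::unique_ptr<char, FreeDeleter>;  // releases with free(), not delete
using Formatter = int (*)(char **, const char *, va_list);

int real_vasprintf(char **out, const char *fmt, va_list ap) {
    return vasprintf(out, fmt, ap);
}
// Constructed failure injector: reports failure the way vasprintf does (-1).
int failing_vasprintf(char **, const char *, va_list) { return -1; }

// Returns an owning pointer, or an empty one if formatting/allocation failed.
CStr format_checked(Formatter fn, const char *fmt, ...) {
    char *raw = nullptr;
    va_list ap;
    va_start(ap, fmt);
    const int n = fn(&raw, fmt, ap);
    va_end(ap);
    // Decide on the return value only: the Linux man page calls the contents
    // of the output pointer undefined after a failure.
    return n < 0 ? CStr() : CStr(raw);
}

std::string last_command;  // records what run_command() received
bool run_command(const char *cmd) { last_command = cmd; return true; }

bool run_git_log(const char *args, Formatter fn = real_vasprintf) {
    CStr cmd = format_checked(fn, "git log %s", args);
    if (!cmd) {
        std::fprintf(stderr, "out of memory while building git command\n");
        return false;  // nothing is handed to the process layer
    }
    return run_command(cmd.get());
}  // cmd is freed here on every return path

int main() {
    bool ok = run_git_log("--oneline -n 5");
    bool failed = !run_git_log("--oneline", failing_vasprintf);
    std::printf("ok=%d failed=%d last=%s\n", ok, failed, last_command.c_str());
    return (ok && failed) ? 0 : 1;
}
```

Passing the formatter as a parameter lets the failure branch be exercised in a test without exhausting real memory.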
