Fix uaf and another memleak

libr/anal/op.c

@@ -46,13 +46,19 @@ R_API void r_anal_op_fini(RAnalOp *op) {
 	r_anal_value_free (op->src[2]);
 	r_anal_value_free (op->dst);
 	r_anal_switch_op_free (op->switch_op);
-	free (op->mnemonic);
-	memset (op, 0, sizeof (RAnalOp));
+	op->src[0] = NULL;
+	op->src[1] = NULL;
+	op->src[2] = NULL;
+	op->dst = NULL;
+	op->var = NULL;
+	op->switch_op = NULL;
+	R_FREE (op->mnemonic);
 }
 
 R_API void r_anal_op_free(void *_op) {
 	if (!_op) return;
 	r_anal_op_fini (_op);
+	memset (_op, 0, sizeof (RAnalOp));
 	free (_op);
 }
 

libr/bin/bin.c

@@ -733,7 +733,7 @@ R_API int r_bin_load_io_at_offset_as_sz(RBin *bin, RIODesc *desc, ut64 baseaddr,
 		binfile = r_bin_file_new_from_bytes (bin, desc->name, buf_bytes, sz,
 			file_sz, bin->rawstr, baseaddr, loadaddr, desc->fd, name, NULL, offset);
 	}
-	free (buf_bytes); //heap use after free
+	// free (buf_bytes); //heap use after free
 	return binfile? r_bin_file_set_cur_binfile (bin, binfile): false;
 }
 

libr/core/core.c

@@ -258,6 +258,7 @@ static ut64 num_callback(RNum *userptr, const char *str, int *ok) {
 		// TODO: group analop-dependant vars after a char, so i can filter
 		r_anal_op (core->anal, &op, core->offset,
 			core->block, core->blocksize);
+		r_anal_op_fini (&op); // we dont need strings or pointers, just values, which are not nullified in fini
 		switch (str[1]) {
 		case '.': // can use pc, sp, a0, a1, ...
 			return r_debug_reg_get (core->dbg, str+2);

sys/xx.sh

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+ID="$1"
+
+if [ -z "$ID" ]; then
+	echo "Usage: sys/xx.sh [travis-job-id]"
+	exit 1
+fi
+
+curl -L "https://api.travis-ci.org/jobs/${ID}/log.txt?deansi=true"