[PATCH] Potential memory leak in argz_replace.c
David Stacey
drstacey@tiscali.co.uk
Mon Jun 1 08:10:00 GMT 2015
On 27/05/2015 11:16, Corinna Vinschen wrote:
> However, there appear to be more issues with this function. E.g., when
> allocating new_argz, it's never tested if the allocation worked. Also,
> the expression `*argz = (char *)realloc(*argz, new_argz_len)', when
> failing, will overwrite *argz with NULL. When that happens the caller
> potentially loses its (un-free'd) argz pointer with no way to recover.
>
> Care to fix those as well?
'Twould be a pleasure.
Dave.
newlib/ChangeLog
2015-05-31 David Stacey <drstacey@tiscali.co.uk>
* libc/argz/argz_replace.c: Corrected behaviour when memory is
exhausted.
-------------- next part --------------
--- a/newlib/libc/argz/argz_replace.c 2015-05-31 20:09:55.427087400 +0100
+++ b/newlib/libc/argz/argz_replace.c 2015-05-31 20:17:01.885917800 +0100
@@ -30,6 +30,7 @@
char *new_argz = NULL;
size_t new_argz_len = 0;
char *new_argz_iter = NULL;
+ char *argz_realloc = NULL;
*replace_count = 0;
new_argz_len = *argz_len;
@@ -45,7 +46,8 @@
if (*replace_count)
{
- new_argz = (char *)malloc(new_argz_len);
+ if (!(new_argz = (char *)malloc(new_argz_len)))
+ return ENOMEM;
buf_iter = *argz;
buf_len = *argz_len;
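Review bot: The new early `return ENOMEM;` after the failed `malloc` leaves `*replace_count` at a non-zero value, since it is zeroed at the top of the function and must be non-zero to enter this branch, even though no replacement was carried out. If callers treat the count as the number of replacements actually made, the failure path should reset it, e.g. `{ *replace_count = 0; return ENOMEM; }`. The `realloc` failure path in the last hunk has the same property. The code that sets the count lies between the hunks and is not visible here, so the intended contract should be confirmed.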
@@ -70,11 +72,12 @@
memcpy(new_argz_iter, last_iter, *argz + *argz_len - last_iter);
/* reallocate argz, and copy over the new value. */
- if(!(*argz = (char *)realloc(*argz, new_argz_len)))
+ if(!(*argz_realloc = (char *)realloc(*argz, new_argz_len)))
{
free(new_argz);
return ENOMEM;
}
+ argz = argz_realloc;
memcpy(*argz, new_argz, new_argz_len);
*argz_len = new_argz_len;
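Review bot: The new condition `if(!(*argz_realloc = (char *)realloc(*argz, new_argz_len)))` stores through `argz_realloc`, which the first hunk declares as a `char *` initialised to NULL. This writes a pointer value truncated to `char` through a null pointer instead of capturing the `realloc` result, and the returned block is then lost. The added `argz = argz_realloc;` rebinds the local parameter (a `char **`, judging by the removed line) rather than updating the caller's `*argz`, so the following `memcpy(*argz, ...)` dereferences the wrong pointer. The two lines should read `if(!(argz_realloc = (char *)realloc(*argz, new_argz_len)))` and `*argz = argz_realloc;`, which keeps the original `*argz` intact on failure as the review asked. The enclosing function starts and ends outside the hunk.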