[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] Missing sanity checks for malloc()/calloc()/realloc() in
From: |
Tim Ruehsen |
Subject: |
Re: [Bug-wget] Missing sanity checks for malloc()/calloc()/realloc() in wget-1.1x |
Date: |
Tue, 14 Apr 2015 15:15:08 +0200 |
User-agent: |
KMail/4.14.2 (Linux/3.16.0-4-amd64; KDE/4.14.2; x86_64; ; ) |
Thanks, Bill.
I made up a patch to fix warc.c and put your name as 'Reported-by' into the
commit message. The patch has already been sent to the list.
Regards, Tim
On Saturday 11 April 2015 12:25:35 Bill Parker wrote:
> Hello All,
>
> In directory 'src', file 'warc.c', I found some instances where malloc()
> is called, but with no corresponding check for NULL, indicating failure.
>
> In directory 'lib', in file 'getopt.c', there is a call to malloc()
> at line 521, without a check for a return value of NULL, which would
> indicate failure. The patch file which corrects this issue is below:
>
> --- getopt.c.orig 2015-04-10 16:06:03.548095111 -0700
> +++ getopt.c 2015-04-10 16:11:04.544350187 -0700
> @@ -521,6 +521,10 @@
> {
> /* Second or later nonexact match found. */
> struct option_list *newp = malloc (sizeof (*newp));
> + if (newp == NULL) { /* oops, malloc() failed, now what? */
> + /* FIXME - what code do we need here? */
> + fprintf(stderr, "Error: Unable to allocate memory for
> newp...\n");
> + }
> newp->p = p;
> newp->next = ambig_list;
> ambig_list = newp;
>
> In directory 'lib', file 'regcomp.c', at line 894, there is a call
> to calloc() without a check for a return value of NULL, indicating
> failure. The patch file below corrects this issue:
>
> --- regcomp.c.orig 2015-04-10 16:17:40.579684242 -0700
> +++ regcomp.c 2015-04-10 16:19:14.432612466 -0700
> @@ -894,6 +894,8 @@
> break;
>
> dfa->state_table = calloc (sizeof (struct re_state_table_entry),
> table_size);
> + if (BE (dfa->state_table == NULL, 0)) /* couldn't allocate memory, now
> what? */
> + return REG_ESPACE;
> dfa->state_hash_mask = table_size - 1;
>
> dfa->mb_cur_max = MB_CUR_MAX;
>
> I am attaching the patch files to this bug report...
>
> Bill Parker (wp02855 at gmail dot com)
signature.asc
Description: This is a digitally signed message part.