Fix a number of potential memory leaks around REALLOC(). More are lurking.

Fred L. Drake, Jr. 2002-05-17 03:41:34 +00:00
parent 5b5c48d4a3
commit 3edce7a7ca


@ -1147,8 +1147,13 @@ int XML_Parse(XML_Parser parser, const char *s, int len, int isFinal)
if (nLeftOver) { if (nLeftOver) {
if (buffer == 0 || nLeftOver > bufferLim - buffer) { if (buffer == 0 || nLeftOver > bufferLim - buffer) {
/* FIXME avoid integer overflow */ /* FIXME avoid integer overflow */
buffer = buffer == 0 ? MALLOC(len * 2) : REALLOC(buffer, len * 2); char *temp;
/* FIXME storage leak if realloc fails */ temp = buffer == 0 ? MALLOC(len * 2) : REALLOC(buffer, len * 2);
if (temp == NULL) {
errorCode = XML_ERROR_NO_MEMORY;
return 0;
}
buffer = temp;
if (!buffer) { if (!buffer) {
errorCode = XML_ERROR_NO_MEMORY; errorCode = XML_ERROR_NO_MEMORY;
eventPtr = eventEndPtr = 0; eventPtr = eventEndPtr = 0;
@ -1665,12 +1670,16 @@ doContent(XML_Parser parser,
/* Need to guarantee that: /* Need to guarantee that:
tag->buf + ROUND_UP(tag->rawNameLength, sizeof(XML_Char)) tag->buf + ROUND_UP(tag->rawNameLength, sizeof(XML_Char))
<= tag->bufEnd - sizeof(XML_Char) */ <= tag->bufEnd - sizeof(XML_Char) */
if (tag->rawNameLength + (int)(sizeof(XML_Char) - 1) + (int)sizeof(XML_Char) > tag->bufEnd - tag->buf) { if (tag->rawNameLength + (int)(sizeof(XML_Char) - 1)
+ (int)sizeof(XML_Char) > tag->bufEnd - tag->buf) {
int bufSize = tag->rawNameLength * 4; int bufSize = tag->rawNameLength * 4;
bufSize = ROUND_UP(bufSize, sizeof(XML_Char)); bufSize = ROUND_UP(bufSize, sizeof(XML_Char));
tag->buf = REALLOC(tag->buf, bufSize); {
if (!tag->buf) char *temp = REALLOC(tag->buf, bufSize);
if (temp == NULL)
return XML_ERROR_NO_MEMORY; return XML_ERROR_NO_MEMORY;
tag->buf = temp;
}
tag->bufEnd = tag->buf + bufSize; tag->bufEnd = tag->buf + bufSize;
} }
memcpy(tag->buf, tag->rawName, tag->rawNameLength); memcpy(tag->buf, tag->rawName, tag->rawNameLength);
@ -1696,9 +1705,12 @@ doContent(XML_Parser parser,
if (fromPtr == rawNameEnd) if (fromPtr == rawNameEnd)
break; break;
bufSize = (tag->bufEnd - tag->buf) << 1; bufSize = (tag->bufEnd - tag->buf) << 1;
tag->buf = REALLOC(tag->buf, bufSize); {
if (!tag->buf) char *temp = REALLOC(tag->buf, bufSize);
if (temp == NULL)
return XML_ERROR_NO_MEMORY; return XML_ERROR_NO_MEMORY;
tag->buf = temp;
}
tag->bufEnd = tag->buf + bufSize; tag->bufEnd = tag->buf + bufSize;
if (nextPtr) if (nextPtr)
tag->rawName = tag->buf; tag->rawName = tag->buf;
@ -1959,10 +1971,12 @@ static enum XML_Error storeAtts(XML_Parser parser, const ENCODING *enc,
n = XmlGetAttributes(enc, attStr, attsSize, atts); n = XmlGetAttributes(enc, attStr, attsSize, atts);
if (n + nDefaultAtts > attsSize) { if (n + nDefaultAtts > attsSize) {
int oldAttsSize = attsSize; int oldAttsSize = attsSize;
ATTRIBUTE *temp;
attsSize = n + nDefaultAtts + INIT_ATTS_SIZE; attsSize = n + nDefaultAtts + INIT_ATTS_SIZE;
atts = REALLOC((void *)atts, attsSize * sizeof(ATTRIBUTE)); temp = REALLOC((void *)atts, attsSize * sizeof(ATTRIBUTE));
if (!atts) if (temp == NULL)
return XML_ERROR_NO_MEMORY; return XML_ERROR_NO_MEMORY;
atts = temp;
if (n > oldAttsSize) if (n > oldAttsSize)
XmlGetAttributes(enc, attStr, n, atts); XmlGetAttributes(enc, attStr, n, atts);
} }
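Review bot: In the storeAtts hunk, `attsSize` is raised to the new value before REALLOC() is attempted, so the new failure return leaves `attsSize` claiming more slots than the old `atts` block (now kept rather than overwritten with NULL) actually holds. If the parser is used again after XML_ERROR_NO_MEMORY, the `n + nDefaultAtts > attsSize` test could pass against the stale size and XmlGetAttributes would be handed a buffer smaller than claimed; restoring the size on failure avoids that: `if (temp == NULL) { attsSize = oldAttsSize; return XML_ERROR_NO_MEMORY; }`. Separately, in the XML_Parse hunk the added `temp == NULL` return makes the following `if (!buffer)` branch unreachable and skips its `eventPtr = eventEndPtr = 0;` reset, so the two failure paths should be merged into one. The enclosing functions start and end outside the hunks, so how callers treat these error returns is not visible here.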