Hello All,
In reviewing code in directory 'support, file 'man2html.c', I found
numerous instances of calls to malloc() being made, without a check for
a return value of NULL, indicating failure. The patch file below adds
the checks after calls to malloc():
--- man2html.c.orig 2015-07-08 13:29:35.000000000 -0700
+++ man2html.c 2015-07-08 13:48:49.000000000 -0700
@@ -1253,8 +1253,16 @@
clear_table(*result);
}
layout = currow = (TABLEROW *) malloc(sizeof(TABLEROW));
+ if (currow == NULL) {
+ fprintf(stderr, "man2html: out of memory in scan_format()");
+ exit(EXIT_FAILURE);
+ }
currow->next = currow->prev = NULL;
currow->first = curfield = (TABLEITEM *) malloc(sizeof(TABLEITEM));
+ if (curfield == NULL) {
+ fprintf(stderr, "man2html: out of memory in scan_format()");
+ exit(EXIT_FAILURE);
+ }
*curfield = emptyfield;
while (*c && *c != '.') {
switch (*c) {
@@ -1274,6 +1282,10 @@
case '_':
if (curfield->align) {
curfield->next = (TABLEITEM *) malloc(sizeof(TABLEITEM));
+ if (curfield->next == NULL) {
+ fprintf(stderr, "man2html: out of memory in scan_format()");
+ exit(EXIT_FAILURE);
+ }
curfield = curfield->next;
*curfield = emptyfield;
}
@@ -1354,10 +1366,18 @@
case ',':
case '\n':
currow->next = (TABLEROW *) malloc(sizeof(TABLEROW));
+ if (currow->next == NULL) {
+ fprintf(stderr, "man2html: out of memory in scan_format()");
+ exit(EXIT_FAILURE);
+ }
currow->next->prev = currow;
currow = currow->next;
currow->next = NULL;
curfield = currow->first = (TABLEITEM *) malloc(sizeof(TABLEITEM));
+ if (currow->first == NULL) {
+ fprintf(stderr, "man2html: out of memory in scan_format()");
+ exit(EXIT_FAILURE);
+ }
*curfield = emptyfield;
c++;
break;
@@ -1397,12 +1417,20 @@
TABLEITEM *ti, *ti2;
tr->next = (TABLEROW *) malloc(sizeof(TABLEROW));
+ if (tr->next == NULL) {
+ fprintf(stderr, "man2html: out of memory in next_row()");
+ exit(EXIT_FAILURE);
+ }
tr->next->prev = tr;
ti = tr->first;
tr = tr->next;
tr->next = NULL;
if (ti)
tr->first = ti2 = (TABLEITEM *) malloc(sizeof(TABLEITEM));
+ if (ti2 == NULL) {
+ fprintf(stderr, "man2html: out of memory in next_row()");
+ exit(EXIT_FAILURE);
+ }
else
tr->first = ti2 = NULL;
while (ti != ti2) {
@@ -1410,6 +1438,10 @@
ti2->contents = NULL;
if ((ti = ti->next)) {
ti2->next = (TABLEITEM *) malloc(sizeof(TABLEITEM));
+ if (ti2->next == NULL) {
+ fprintf(stderr, "man2html: out of memory in next_row()");
+ exit(EXIT_FAILURE);
+ }
}
ti2 = ti2->next;
}
@@ -1501,16 +1533,28 @@
if (c[-1] == '\n' && c[1] == '\n') {
if (currow->prev) {
currow->prev->next = (TABLEROW *) malloc(sizeof(TABLEROW));
+ if (currow->prev->next == NULL) {
+ fprintf(stderr, "man2html: out of memory in scan_table()");
+ exit(EXIT_FAILURE);
+ }
currow->prev->next->next = currow;
currow->prev->next->prev = currow->prev;
currow->prev = currow->prev->next;
} else {
currow->prev = layout = (TABLEROW *) malloc(sizeof(TABLEROW));
+ if (layout == NULL) {
+ fprintf(stderr, "man2html: out of memory in scan_table()");
+ exit(EXIT_FAILURE);
+ }
currow->prev->prev = NULL;
currow->prev->next = currow;
}
curfield = currow->prev->first =
(TABLEITEM *) malloc(sizeof(TABLEITEM));
+ if (currow->prev->first == NULL) {
+ fprintf(stderr, "man2html: out of memory in scan_table()");
+ exit(EXIT_FAILURE);
+ }
*curfield = emptyfield;
curfield->align = *c;
curfield->colspan = maxcol;
@@ -2246,6 +2290,10 @@
de = de->next;
if (!de) {
de = (STRDEF *) malloc(sizeof(STRDEF));
+ if (de == NULL) {
+ fprintf(stderr, "man2html: out of memory in scan_request()");
+ exit(EXIT_FAILURE);
+ }
de->nr = i;
de->slen = 0;
de->next = strdef;
@@ -2295,6 +2343,10 @@
char *h;
de = (STRDEF *) malloc(sizeof(STRDEF));
+ if (de == NULL) {
+ fprintf(stderr, "man2html: out of memory in scan_request()");
+ exit(EXIT_FAILURE);
+ }
de->nr = i;
de->slen = 0;
de->next = strdef;
@@ -2988,6 +3040,10 @@
intd = intd->next;
if (!intd) {
intd = (INTDEF *) malloc(sizeof(INTDEF));
+ if (intd == NULL) {
+ fprintf(stderr, "man2html: out of memory in scan_request()");
+ exit(EXIT_FAILURE);
+ }
intd->nr = i;
intd->val = 0;
intd->incr = 0;
@@ -3061,6 +3117,10 @@
de->st = h;
} else {
de = (STRDEF *) malloc(sizeof(STRDEF));
+ if (de == NULL) {
+ fprintf(stderr, "man2html: out of memory in scan_request()");
+ exit(EXIT_FAILURE);
+ }
de->nr = i;
de->next = defdef;
de->st = h;
Comments, Questions, Suggestions, etc?
I am attaching the patch file to this bug report.
Bill Parker (wp02855 at gmail dot com)