bug-gnulib
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH] canonicalize-lgpl: fix memory leak

From: Paul Eggert
Subject: [PATCH] canonicalize-lgpl: fix memory leak
Date: Sun, 22 Nov 2020 23:41:28 -0800 
* lib/canonicalize-lgpl.c (__realpath): Fix unlikely memory leak,
which could have occurred if BUF was so large that malloc was
called.  Do this by allocating EXTRA_BUF and BUF at the same time;
this eliminates the need to free BUF separately.
---
 ChangeLog               |  8 ++++++++
 lib/canonicalize-lgpl.c | 29 ++++++++---------------------
 2 files changed, 16 insertions(+), 21 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 42195d232..044b12d8c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2020-11-22  Paul Eggert  <eggert@cs.ucla.edu>
+
+       canonicalize-lgpl: fix memory leak
+       * lib/canonicalize-lgpl.c (__realpath): Fix unlikely memory leak,
+       which could have occurred if BUF was so large that malloc was
+       called.  Do this by allocating EXTRA_BUF and BUF at the same time;
+       this eliminates the need to free BUF separately.
+
 2020-11-22  Bruno Haible  <bruno@clisp.org>
 
        Fix missing module dependencies to 'xalloc' (regression 2020-10-19).
diff --git a/lib/canonicalize-lgpl.c b/lib/canonicalize-lgpl.c
index cc42662db..edac98f83 100644
--- a/lib/canonicalize-lgpl.c
+++ b/lib/canonicalize-lgpl.c
@@ -293,39 +293,26 @@ __realpath (const char *name, char *resolved)
                   goto error;
                 }
 
-              buf = malloca (path_max);
-              if (!buf)
-                {
-                  __set_errno (ENOMEM);
-                  goto error;
-                }
-
-              n = __readlink (rpath, buf, path_max - 1);
-              if (n < 0)
-                {
-                  int saved_errno = errno;
-                  freea (buf);
-                  __set_errno (saved_errno);
-                  goto error;
-                }
-              buf[n] = '\0';
-
               if (!extra_buf)
                 {
-                  extra_buf = malloca (path_max);
+                  extra_buf = malloca (2 * path_max);
                   if (!extra_buf)
                     {
-                      freea (buf);
-                      __set_errno (ENOMEM);
+                      alloc_failed ();
                       goto error;
                     }
                 }
+              buf = extra_buf + path_max;
+
+              n = __readlink (rpath, buf, path_max - 1);
+              if (n < 0)
+                goto error;
+              buf[n] = '\0';
 
               len = strlen (end);
               /* Check that n + len + 1 doesn't overflow and is <= path_max. */
               if (n >= SIZE_MAX - len || n + len >= path_max)
                 {
-                  freea (buf);
                   __set_errno (ENAMETOOLONG);
                   goto error;
                 }
-- 
2.27.0
reply via email to
[Prev in Thread] Current Thread [Next in Thread]