
[PATCH] regex: fix double-free


From: Paul Eggert
Subject: [PATCH] regex: fix double-free
Date: Fri, 11 Mar 2022 17:24:54 -0800

* lib/regex_internal.c (re_dfa_add_node): Don’t free storage
twice if an allocation fails.
---
 ChangeLog            |  4 ++++
 lib/regex_internal.c | 22 ++++++++++------------
 2 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 7a6ade78c3..4d49a824e5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
 2022-03-11  Paul Eggert  <eggert@cs.ucla.edu>
 
+       regex: fix double-free
+       * lib/regex_internal.c (re_dfa_add_node): Don’t free storage
+       twice if an allocation fails.
+
        regex: fix minor over-allocation
        * lib/regexec.c (push_fail_stack): Fix off-by-one error that
        over-allocated the stack.
diff --git a/lib/regex_internal.c b/lib/regex_internal.c
index 3945ee7ecb..0e6919f340 100644
--- a/lib/regex_internal.c
+++ b/lib/regex_internal.c
@@ -1396,24 +1396,22 @@ re_dfa_add_node (re_dfa_t *dfa, re_token_t token)
       if (__glibc_unlikely (new_nodes == NULL))
        return -1;
       dfa->nodes = new_nodes;
+      dfa->nodes_alloc = new_nodes_alloc;
       new_nexts = re_realloc (dfa->nexts, Idx, new_nodes_alloc);
+      if (new_nexts != NULL)
+       dfa->nexts = new_nexts;
       new_indices = re_realloc (dfa->org_indices, Idx, new_nodes_alloc);
+      if (new_indices != NULL)
+       dfa->org_indices = new_indices;
       new_edests = re_realloc (dfa->edests, re_node_set, new_nodes_alloc);
+      if (new_edests != NULL)
+       dfa->edests = new_edests;
       new_eclosures = re_realloc (dfa->eclosures, re_node_set, new_nodes_alloc);
+      if (new_eclosures != NULL)
+       dfa->eclosures = new_eclosures;
       if (__glibc_unlikely (new_nexts == NULL || new_indices == NULL
                            || new_edests == NULL || new_eclosures == NULL))
-       {
-          re_free (new_nexts);
-          re_free (new_indices);
-          re_free (new_edests);
-          re_free (new_eclosures);
-          return -1;
-       }
-      dfa->nexts = new_nexts;
-      dfa->org_indices = new_indices;
-      dfa->edests = new_edests;
-      dfa->eclosures = new_eclosures;
-      dfa->nodes_alloc = new_nodes_alloc;
+       return -1;
     }
   dfa->nodes[dfa->nodes_len] = token;
   dfa->nodes[dfa->nodes_len].constraint = 0;
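Review bot: `dfa->nodes_alloc = new_nodes_alloc;` is now assigned before the four parallel arrays are known to have grown, so if a later re_realloc fails the function returns -1 with nodes_alloc larger than the real capacity of nexts, org_indices, edests or eclosures. The capacity test that guards this block is outside the hunk, so the following is inferred: if it compares nodes_len with nodes_alloc, another call on the same dfa would skip the reallocation and write past the array that stayed short. Moving the assignment below the combined failure check (after its `return -1;`) keeps every array at least nodes_alloc elements long on both paths, and a retry would simply realloc to the same size again. If the intent is instead that callers always discard the dfa on -1, a comment such as `/* On failure the arrays may differ in size; caller must free the dfa. */` above the check would record that. The body of re_dfa_add_node starts and ends outside the hunk.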
-- 
2.35.1



