diff options
author | Paul Eggert <eggert@cs.ucla.edu> | 2010-01-22 12:33:58 -0800 |
---|---|---|
committer | Ulrich Drepper <drepper@redhat.com> | 2010-01-22 12:33:58 -0800 |
commit | 74bc9f14db655d2fdc9018d396af326e9b9bdf3f (patch) | |
tree | 2cb1d196ab7946258bf5df109d2974cabb349c50 | |
parent | 42a2c9b5c3c92f7e2f556d7bc9dc80e557484574 (diff) | |
download | glibc-74bc9f14db655d2fdc9018d396af326e9b9bdf3f.tar.gz glibc-74bc9f14db655d2fdc9018d396af326e9b9bdf3f.tar.xz glibc-74bc9f14db655d2fdc9018d396af326e9b9bdf3f.zip |
regexec.c: avoid leaks on out-of-memory failure paths
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | posix/regexec.c | 19 |
2 files changed, 19 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog index e6167fae89..969326dbfb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,9 @@ 2010-01-22 Jim Meyering <jim@meyering.net> + [BZ #11192] + * posix/regexec.c (re_copy_regs): Don't leak when allocation + of the start buffer succeeds but allocation of the "end" one fails. + [BZ #11191] * posix/regexec.c (re_search_2_stub): Check for overflow when adding the sizes of the two strings. diff --git a/posix/regexec.c b/posix/regexec.c index bad52ac2e0..949c170ebd 100644 --- a/posix/regexec.c +++ b/posix/regexec.c @@ -509,9 +509,14 @@ re_copy_regs (regs, pmatch, nregs, regs_allocated) if (regs_allocated == REGS_UNALLOCATED) { /* No. So allocate them with malloc. */ regs->start = re_malloc (regoff_t, need_regs); - regs->end = re_malloc (regoff_t, need_regs); - if (BE (regs->start == NULL, 0) || BE (regs->end == NULL, 0)) + if (BE (regs->start == NULL, 0)) return REGS_UNALLOCATED; + regs->end = re_malloc (regoff_t, need_regs); + if (BE (regs->end == NULL, 0)) + { + re_free (regs->start); + return REGS_UNALLOCATED; + } regs->num_regs = need_regs; } else if (regs_allocated == REGS_REALLOCATE) @@ -521,9 +526,15 @@ re_copy_regs (regs, pmatch, nregs, regs_allocated) if (BE (need_regs > regs->num_regs, 0)) { regoff_t *new_start = re_realloc (regs->start, regoff_t, need_regs); - regoff_t *new_end = re_realloc (regs->end, regoff_t, need_regs); - if (BE (new_start == NULL, 0) || BE (new_end == NULL, 0)) + regoff_t *new_end; + if (BE (new_start == NULL, 0)) return REGS_UNALLOCATED; + new_end = re_realloc (regs->end, regoff_t, need_regs); + if (BE (new_end == NULL, 0)) + { + re_free (new_start); + return REGS_UNALLOCATED; + } regs->start = new_start; regs->end = new_end; regs->num_regs = need_regs; |