about summary refs log tree commit diff
diff options
context:
space:
mode:
authorPaul Eggert <eggert@cs.ucla.edu>2010-01-22 12:33:58 -0800
committerUlrich Drepper <drepper@redhat.com>2010-01-22 12:33:58 -0800
commit74bc9f14db655d2fdc9018d396af326e9b9bdf3f (patch)
tree2cb1d196ab7946258bf5df109d2974cabb349c50
parent42a2c9b5c3c92f7e2f556d7bc9dc80e557484574 (diff)
downloadglibc-74bc9f14db655d2fdc9018d396af326e9b9bdf3f.tar.gz
glibc-74bc9f14db655d2fdc9018d396af326e9b9bdf3f.tar.xz
glibc-74bc9f14db655d2fdc9018d396af326e9b9bdf3f.zip
regexec.c: avoid leaks on out-of-memory failure paths
-rw-r--r--ChangeLog4
-rw-r--r--posix/regexec.c19
2 files changed, 19 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index e6167fae89..969326dbfb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
 2010-01-22  Jim Meyering  <jim@meyering.net>
 
+	[BZ #11192]
+	* posix/regexec.c (re_copy_regs): Don't leak when allocation
+	of the start buffer succeeds but allocation of the "end" one fails.
+
 	[BZ #11191]
 	* posix/regexec.c (re_search_2_stub): Check for overflow
 	when adding the sizes of the two strings.
diff --git a/posix/regexec.c b/posix/regexec.c
index bad52ac2e0..949c170ebd 100644
--- a/posix/regexec.c
+++ b/posix/regexec.c
@@ -509,9 +509,14 @@ re_copy_regs (regs, pmatch, nregs, regs_allocated)
   if (regs_allocated == REGS_UNALLOCATED)
     { /* No.  So allocate them with malloc.  */
       regs->start = re_malloc (regoff_t, need_regs);
-      regs->end = re_malloc (regoff_t, need_regs);
-      if (BE (regs->start == NULL, 0) || BE (regs->end == NULL, 0))
+      if (BE (regs->start == NULL, 0))
 	return REGS_UNALLOCATED;
+      regs->end = re_malloc (regoff_t, need_regs);
+      if (BE (regs->end == NULL, 0))
+	{
+	  re_free (regs->start);
+	  return REGS_UNALLOCATED;
+	}
       regs->num_regs = need_regs;
     }
   else if (regs_allocated == REGS_REALLOCATE)
@@ -521,9 +526,15 @@ re_copy_regs (regs, pmatch, nregs, regs_allocated)
       if (BE (need_regs > regs->num_regs, 0))
 	{
 	  regoff_t *new_start = re_realloc (regs->start, regoff_t, need_regs);
-	  regoff_t *new_end = re_realloc (regs->end, regoff_t, need_regs);
-	  if (BE (new_start == NULL, 0) || BE (new_end == NULL, 0))
+	  regoff_t *new_end;
+	  if (BE (new_start == NULL, 0))
 	    return REGS_UNALLOCATED;
+	  new_end = re_realloc (regs->end, regoff_t, need_regs);
+	  if (BE (new_end == NULL, 0))
+	    {
+	      re_free (new_start);
+	      return REGS_UNALLOCATED;
+	    }
 	  regs->start = new_start;
 	  regs->end = new_end;
 	  regs->num_regs = need_regs;