about summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--doc/HISTORY6
-rw-r--r--lib/util/mallocvar.h15
2 files changed, 18 insertions, 3 deletions
diff --git a/doc/HISTORY b/doc/HISTORY
index 409f4fc9..ce424a6b 100644
--- a/doc/HISTORY
+++ b/doc/HISTORY
@@ -50,7 +50,11 @@ not yet  BJH  Release 10.40.00
 
               libnetpbm: Reject empty TUPLTYPE header.
 
-<screen>              libnetpbm: Fix uninitialized variable in pnm_allocpamrown().
+              libnetpbm: Fix uninitialized variable in pnm_allocpamrown().
+
+              libnetpbm: fix crash in REALLOCARRAY with advanced optimization.
+
+              libnetpbm: REALLOCARRAY frees memory if it fails.
 
               Rename pamtooctave to pamtooctaveimg.
 
diff --git a/lib/util/mallocvar.h b/lib/util/mallocvar.h
index a26d007b..e5b7b1ea 100644
--- a/lib/util/mallocvar.h
+++ b/lib/util/mallocvar.h
@@ -57,11 +57,22 @@ static __inline__ void
 reallocProduct(void **      const blockP,
                unsigned int const factor1,
                unsigned int const factor2) {
+
+    void * const oldBlockP = *blockP;
+
+    void * newBlockP;
     
     if (UINT_MAX / factor2 < factor1) 
-        *blockP = NULL;
+        newBlockP = NULL;
     else 
-        *blockP = realloc(*blockP, factor1 * factor2); 
+        newBlockP = realloc(oldBlockP, factor1 * factor2); 
+
+    if (newBlockP)
+        *blockP = newBlockP;
+    else {
+        free(oldBlockP);
+        *blockP = NULL;
+    }
 }
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-08-07 13:17:20 +0000