From dbcf43dbd623dc1dcdfddb6132da7ee28a99486f Mon Sep 17 00:00:00 2001
From: Dimitri Papadopoulos
 <3234522+DimitriPapadopoulos@users.noreply.github.com>
Date: Thu, 16 Apr 2020 23:26:22 +0200
Subject: [PATCH] Fix malloc/realloc use

* Check return value of malloc()
* Properly handle the case where realloc() fails
* Fix NULL-pointer access reported by clang's static analysis tool
---
 src/userinput.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/src/userinput.c b/src/userinput.c
index 524be2f..f8384f9 100644
--- a/src/userinput.c
+++ b/src/userinput.c
@@ -41,17 +41,23 @@ static char *uri_escape(const char *string)
 	for (i = 0; string[i]; i++) {
 		if (allocated_len + 4 >= real_len) {
 			allocated_len += 16;
-			escaped = realloc(escaped, allocated_len);
+			char *tmp = realloc(escaped, allocated_len);
+
 			// bail out if realloc fails
-			if (escaped == NULL)
-				return NULL;
+			if (tmp == NULL) {
+				free(escaped);
+				escaped = NULL;
+				break;
+			}
+			escaped = tmp;
 		}
 		if (isalnum(string[i]))
 			escaped[real_len++] = string[i];
 		else
 			real_len += sprintf(&escaped[real_len], "%%%02X", string[i]);
 	}
-	escaped[real_len] = '\0';
+	if (escaped)
+		escaped[real_len] = '\0';
 
 	return escaped;
 }
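Review bot: The escaping branch still hands a plain `char` to `isalnum()` and to `sprintf()`'s `%02X`; where `char` is signed, a byte above 0x7F is promoted to a negative int, which is undefined for `isalnum()` and makes `%02X` print eight hex digits instead of two. The result is a wrong escape sequence and a ten-byte write (with the terminator), more than the four bytes the `allocated_len + 4` test appears to budget for. Cast in both places, `isalnum((unsigned char)string[i])` and `sprintf(&escaped[real_len], "%%%02X", (unsigned char)string[i])`, and give the `isxdigit()` calls in the uri_unescape hunk the same cast. That test also looks like it has its operands swapped (`real_len + 4 >= allocated_len` would be the usual form), but the initial values are set above the hunk, so this is worth confirming rather than certain.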
@@ -63,6 +69,10 @@ static char *uri_unescape(const char *string)
 	int real_len = 0;
 	int i = 0;
 
+	// bail out if malloc fails
+	if (unescaped == NULL)
+		return NULL;
+
 	while (string[i]) {
 		if (string[i] == '%' && isxdigit(string[i + 1])
 		    && isxdigit(string[i + 2])) {
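Review bot: Returning NULL on allocation failure is a new outcome for uri_unescape, and nothing in the patch documents it or touches the callers, which are outside the hunks shown. If a caller passes the result straight to a string function, the NULL dereference has only moved from here to there. I would add a contract comment above the function, `/* Returns an allocated string, or NULL if allocation fails. */`, and confirm that each call site checks for NULL. The function's signature and the malloc call sit above the hunk and its body continues below it.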
-- 
GitLab