From dbcf43dbd623dc1dcdfddb6132da7ee28a99486f Mon Sep 17 00:00:00 2001
From: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
Date: Thu, 16 Apr 2020 23:26:22 +0200
Subject: [PATCH] Fix malloc/realloc use

* Check return value of malloc()
* Properly handle the case where realloc() fails
* Fix NULL-pointer access reported by clang's static analyis tool
---
 src/userinput.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/src/userinput.c b/src/userinput.c
index 524be2f..f8384f9 100644
--- a/src/userinput.c
+++ b/src/userinput.c
@@ -41,17 +41,23 @@ static char *uri_escape(const char *string)
 for (i = 0; string[i]; i++) {
 if (allocated_len + 4 >= real_len) {
 allocated_len += 16;
- escaped = realloc(escaped, allocated_len);
+ char *tmp = realloc(escaped, allocated_len);
+
 // bail out if realloc fails
- if (escaped == NULL)
- return NULL;
+ if (tmp == NULL) {
+ free(escaped);
+ escaped = NULL;
+ break;
+ }
+ escaped = tmp;
 }
 if (isalnum(string[i]))
 escaped[real_len++] = string[i];
 else
 real_len += sprintf(&escaped[real_len], "%%%02X", string[i]);
 }
- escaped[real_len] = '\0';
+ if (escaped)
+ escaped[real_len] = '\0';
 return escaped;
 }
@@ -63,6 +69,10 @@ static char *uri_unescape(const char *string)
 int real_len = 0;
 int i = 0;
+ // bail out if malloc fails
+ if (unescaped == NULL)
+ return NULL;
+
 while (string[i]) {
 if (string[i] == '%' && isxdigit(string[i + 1]) && isxdigit(string[i + 2])) {
-- 
GitLab
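Review bot: In uri_escape the context lines `isalnum(string[i])` and `sprintf(&escaped[real_len], "%%%02X", string[i])` still receive a plain `char`; where `char` is signed, a byte of 0x80 or above is a negative value, which is undefined behaviour for `isalnum()` and is printed by `%02X` as eight hex digits instead of two. That yields a malformed escape and writes nine characters plus the terminator where the headroom check allows for four. Converting once with `unsigned char c = (unsigned char)string[i];` and using `c` in both calls fixes this; the `isxdigit(string[i + 1])` and `isxdigit(string[i + 2])` calls in the uri_unescape hunk need the same cast. The guard `allocated_len + 4 >= real_len` also looks reversed (it appears to be true on every iteration, so the buffer grows by 16 per input byte, which is what keeps the longer write in bounds today), but the declarations at the top of uri_escape are outside the hunk, so this should be confirmed there.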