From: "Darrick J. Wong" Subject: [PATCH 26/74] libss: fix memory handling errors Date: Tue, 10 Dec 2013 17:21:15 -0800 Message-ID: <20131211012115.30655.51030.stgit@birch.djwong.org> References: <20131211011813.30655.39624.stgit@birch.djwong.org> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Cc: linux-ext4@vger.kernel.org To: tytso@mit.edu, darrick.wong@oracle.com Return-path: Received: from aserp1040.oracle.com ([141.146.126.69]:26472 "EHLO aserp1040.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751626Ab3LKBVU (ORCPT ); Tue, 10 Dec 2013 20:21:20 -0500 In-Reply-To: <20131211011813.30655.39624.stgit@birch.djwong.org> Sender: linux-ext4-owner@vger.kernel.org List-ID: Fix memory allocation calculations and check for NULL pointer returns. Signed-off-by: Darrick J. Wong --- lib/ss/invocation.c | 5 +++++ lib/ss/parse.c | 4 ++++ lib/ss/request_tbl.c | 2 +- 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/lib/ss/invocation.c b/lib/ss/invocation.c index a711050..08b66f2 100644 --- a/lib/ss/invocation.c +++ b/lib/ss/invocation.c @@ -20,6 +20,7 @@ #ifdef HAVE_DLOPEN #include #endif +#include int ss_create_invocation(subsystem_name, version_string, info_ptr, request_table_ptr, code_ptr) @@ -46,6 +47,10 @@ int ss_create_invocation(subsystem_name, version_string, info_ptr, ; table = (ss_data **) realloc((char *)table, ((unsigned)sci_idx+2)*size); + if (table == NULL) { + *code_ptr = errno; + return 0; + } table[sci_idx+1] = (ss_data *) NULL; table[sci_idx] = new_table; diff --git a/lib/ss/parse.c b/lib/ss/parse.c index b70ad16..baded66 100644 --- a/lib/ss/parse.c +++ b/lib/ss/parse.c @@ -90,6 +90,10 @@ char **ss_parse (sci_idx, line_ptr, argc_ptr) parse_mode = TOKEN; cp = line_ptr; argv = NEW_ARGV (argv, argc); + if (argv == NULL) { + *argc_ptr = errno; + return argv; + } argv[argc++] = line_ptr; argv[argc] = NULL; } 
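Review bot: The new failure branch in the second hunk of lib/ss/invocation.c returns without releasing `new_table`, which the context line just below stores into `table[sci_idx]`. If `new_table` was heap-allocated earlier in ss_create_invocation (that part is outside the hunk), each failed realloc leaks it, so add `free(new_table);` before `return 0;`. The realloc result is also assigned straight to `table`, so the old, still-valid block stays reachable only if another pointer to it is kept elsewhere; that is worth confirming. The function starts and ends outside the hunk.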
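Review bot: In the lib/ss/parse.c hunk, `*argc_ptr = errno;` writes an error number into what the name suggests is the argument-count out-parameter. A caller that reads the count before checking the returned pointer would see a non-zero count paired with a NULL vector. Reporting the failure as `*argc_ptr = 0;` followed by `return NULL;` keeps the count and the vector consistent. Assuming NEW_ARGV wraps realloc (its definition is not in the hunk), the previous vector is also lost once `argv` is overwritten with NULL; holding the result in a temporary would let it be freed. ss_parse continues outside the hunk.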
diff --git a/lib/ss/request_tbl.c b/lib/ss/request_tbl.c index b0b6f95..efdabfa 100644 --- a/lib/ss/request_tbl.c +++ b/lib/ss/request_tbl.c @@ -35,7 +35,7 @@ void ss_add_request_table(sci_idx, rqtbl_ptr, position, code_ptr) ; /* size == C subscript of NULL == #elements */ size += 2; /* new element, and NULL */ - t = (ssrt **)realloc(info->rqt_tables, (unsigned)size*sizeof(ssrt)); + t = (ssrt **)realloc(info->rqt_tables, (unsigned)size*sizeof(ssrt *)); if (t == (ssrt **)NULL) { *code_ptr = errno; return;
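Review bot: The element size in the corrected realloc call is still spelled as a type name, which is how the `sizeof(ssrt)` versus `sizeof(ssrt *)` mismatch arose. Deriving it from the pointer keeps the size tied to the element type: `t = (ssrt **)realloc(info->rqt_tables, (unsigned)size * sizeof(*t));`. A short comment on that line, such as `/* NULL-terminated array of ssrt pointers */`, would also record why the element is a pointer. The body of ss_add_request_table starts and ends outside the hunk.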