1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-22 08:08:50 -05:00

urlglob: fix zero size malloc

This commit is contained in:
Yang Tse 2011-06-02 22:19:39 +02:00
parent 65a9fa59dc
commit bf749bb2c5

View File

@ -70,8 +70,8 @@ static GlobCode glob_set(URLGlob *glob, char *pattern,
pat->type = UPTSet; pat->type = UPTSet;
pat->content.Set.size = 0; pat->content.Set.size = 0;
pat->content.Set.ptr_s = 0; pat->content.Set.ptr_s = 0;
/* FIXME: Here's a nasty zero size malloc */ pat->content.Set.elements = NULL;
pat->content.Set.elements = malloc(0);
++glob->size; ++glob->size;
while(!done) { while(!done) {
@ -90,15 +90,23 @@ static GlobCode glob_set(URLGlob *glob, char *pattern,
case ',': case ',':
case '}': /* set element completed */ case '}': /* set element completed */
*buf = '\0'; *buf = '\0';
pat->content.Set.elements = if(pat->content.Set.elements)
realloc(pat->content.Set.elements, pat->content.Set.elements =
(pat->content.Set.size + 1) * sizeof(char*)); realloc(pat->content.Set.elements,
(pat->content.Set.size + 1) * sizeof(char*));
else
pat->content.Set.elements =
malloc((pat->content.Set.size + 1) * sizeof(char*));
if(!pat->content.Set.elements) { if(!pat->content.Set.elements) {
snprintf(glob->errormsg, sizeof(glob->errormsg), "out of memory"); snprintf(glob->errormsg, sizeof(glob->errormsg), "out of memory");
return GLOB_ERROR; return GLOB_ERROR;
} }
pat->content.Set.elements[pat->content.Set.size] = pat->content.Set.elements[pat->content.Set.size] =
strdup(glob->glob_buffer); strdup(glob->glob_buffer);
if(!pat->content.Set.elements[pat->content.Set.size]) {
snprintf(glob->errormsg, sizeof(glob->errormsg), "out of memory");
return GLOB_ERROR;
}
++pat->content.Set.size; ++pat->content.Set.size;
if(*pattern == '}') { if(*pattern == '}') {
@ -363,11 +371,13 @@ void glob_cleanup(URLGlob* glob)
free(glob->literal[i/2]); free(glob->literal[i/2]);
} }
else { /* odd indexes contain sets or ranges */ else { /* odd indexes contain sets or ranges */
if(glob->pattern[i/2].type == UPTSet) { if((glob->pattern[i/2].type == UPTSet) &&
(glob->pattern[i/2].content.Set.elements)) {
for(elem = glob->pattern[i/2].content.Set.size - 1; for(elem = glob->pattern[i/2].content.Set.size - 1;
elem >= 0; elem >= 0;
--elem) { --elem) {
free(glob->pattern[i/2].content.Set.elements[elem]); if(glob->pattern[i/2].content.Set.elements[elem])
free(glob->pattern[i/2].content.Set.elements[elem]);
} }
free(glob->pattern[i/2].content.Set.elements); free(glob->pattern[i/2].content.Set.elements);
} }