[Expat-checkins] expat/lib xmlparse.c,1.32,1.33
fdrake@users.sourceforge.net
fdrake@users.sourceforge.net
Thu May 16 20:42:03 2002
Update of /cvsroot/expat/expat/lib
In directory usw-pr-cvs1:/tmp/cvs-serv3224/lib
Modified Files:
xmlparse.c
Log Message:
Fix a number of potential memory leaks around REALLOC(). More are lurking.
Index: xmlparse.c
===================================================================
RCS file: /cvsroot/expat/expat/lib/xmlparse.c,v
retrieving revision 1.32
retrieving revision 1.33
diff -C2 -d -r1.32 -r1.33
*** xmlparse.c 15 May 2002 15:56:21 -0000 1.32
--- xmlparse.c 17 May 2002 03:41:34 -0000 1.33
***************
*** 1148,1153 ****
if (buffer == 0 || nLeftOver > bufferLim - buffer) {
/* FIXME avoid integer overflow */
! buffer = buffer == 0 ? MALLOC(len * 2) : REALLOC(buffer, len * 2);
! /* FIXME storage leak if realloc fails */
if (!buffer) {
errorCode = XML_ERROR_NO_MEMORY;
--- 1148,1158 ----
if (buffer == 0 || nLeftOver > bufferLim - buffer) {
/* FIXME avoid integer overflow */
! char *temp;
! temp = buffer == 0 ? MALLOC(len * 2) : REALLOC(buffer, len * 2);
! if (temp == NULL) {
! errorCode = XML_ERROR_NO_MEMORY;
! return 0;
! }
! buffer = temp;
if (!buffer) {
errorCode = XML_ERROR_NO_MEMORY;
***************
*** 1666,1675 ****
tag->buf + ROUND_UP(tag->rawNameLength, sizeof(XML_Char))
<= tag->bufEnd - sizeof(XML_Char) */
! if (tag->rawNameLength + (int)(sizeof(XML_Char) - 1) + (int)sizeof(XML_Char) > tag->bufEnd - tag->buf) {
int bufSize = tag->rawNameLength * 4;
bufSize = ROUND_UP(bufSize, sizeof(XML_Char));
! tag->buf = REALLOC(tag->buf, bufSize);
! if (!tag->buf)
! return XML_ERROR_NO_MEMORY;
tag->bufEnd = tag->buf + bufSize;
}
--- 1671,1684 ----
tag->buf + ROUND_UP(tag->rawNameLength, sizeof(XML_Char))
<= tag->bufEnd - sizeof(XML_Char) */
! if (tag->rawNameLength + (int)(sizeof(XML_Char) - 1)
! + (int)sizeof(XML_Char) > tag->bufEnd - tag->buf) {
int bufSize = tag->rawNameLength * 4;
bufSize = ROUND_UP(bufSize, sizeof(XML_Char));
! {
! char *temp = REALLOC(tag->buf, bufSize);
! if (temp == NULL)
! return XML_ERROR_NO_MEMORY;
! tag->buf = temp;
! }
tag->bufEnd = tag->buf + bufSize;
}
***************
*** 1697,1703 ****
break;
bufSize = (tag->bufEnd - tag->buf) << 1;
! tag->buf = REALLOC(tag->buf, bufSize);
! if (!tag->buf)
! return XML_ERROR_NO_MEMORY;
tag->bufEnd = tag->buf + bufSize;
if (nextPtr)
--- 1706,1715 ----
break;
bufSize = (tag->bufEnd - tag->buf) << 1;
! {
! char *temp = REALLOC(tag->buf, bufSize);
! if (temp == NULL)
! return XML_ERROR_NO_MEMORY;
! tag->buf = temp;
! }
tag->bufEnd = tag->buf + bufSize;
if (nextPtr)
***************
*** 1960,1967 ****
if (n + nDefaultAtts > attsSize) {
int oldAttsSize = attsSize;
attsSize = n + nDefaultAtts + INIT_ATTS_SIZE;
! atts = REALLOC((void *)atts, attsSize * sizeof(ATTRIBUTE));
! if (!atts)
return XML_ERROR_NO_MEMORY;
if (n > oldAttsSize)
XmlGetAttributes(enc, attStr, n, atts);
--- 1972,1981 ----
if (n + nDefaultAtts > attsSize) {
int oldAttsSize = attsSize;
+ ATTRIBUTE *temp;
attsSize = n + nDefaultAtts + INIT_ATTS_SIZE;
! temp = REALLOC((void *)atts, attsSize * sizeof(ATTRIBUTE));
! if (temp == NULL)
return XML_ERROR_NO_MEMORY;
+ atts = temp;
if (n > oldAttsSize)
XmlGetAttributes(enc, attStr, n, atts);