From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Jim Meyering Newsgroups: gmane.emacs.devel Subject: [PATCH] don't dereference NULL upon failed malloc and realloc Date: Sun, 21 Jun 2009 17:44:12 +0200 Message-ID: <87tz29pp6b.fsf@meyering.net> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: ger.gmane.org 1245599096 10896 80.91.229.12 (21 Jun 2009 15:44:56 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Sun, 21 Jun 2009 15:44:56 +0000 (UTC) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sun Jun 21 17:44:53 2009 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by lo.gmane.org with esmtp (Exim 4.50) id 1MIPDs-00080x-AO for ged-emacs-devel@m.gmane.org; Sun, 21 Jun 2009 17:44:48 +0200 Original-Received: from localhost ([127.0.0.1]:55353 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MIPDr-0006EH-JK for ged-emacs-devel@m.gmane.org; Sun, 21 Jun 2009 11:44:47 -0400 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MIPDU-0005zA-Mv for emacs-devel@gnu.org; Sun, 21 Jun 2009 11:44:24 -0400 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MIPDR-0005xC-1p for emacs-devel@gnu.org; Sun, 21 Jun 2009 11:44:24 -0400 Original-Received: from [199.232.76.173] (port=45012 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MIPDQ-0005x6-Oy for emacs-devel@gnu.org; Sun, 21 Jun 2009 11:44:20 -0400 Original-Received: from smtp3-g21.free.fr ([212.27.42.3]:46293) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1MIPDP-0004Wu-VN for emacs-devel@gnu.org; Sun, 21 Jun 2009 11:44:20 -0400 Original-Received: from smtp3-g21.free.fr (localhost [127.0.0.1]) by smtp3-g21.free.fr (Postfix) with ESMTP id 892908180F9 for ; Sun, 21 Jun 2009 17:44:14 +0200 (CEST) Original-Received: from mx.meyering.net (mx.meyering.net [82.230.74.64]) by smtp3-g21.free.fr (Postfix) with ESMTP id A5421818085 for ; Sun, 21 Jun 2009 17:44:12 +0200 (CEST) Original-Received: by rho.meyering.net (Acme Bit-Twister, from userid 1000) id 5E7E8334FD; Sun, 21 Jun 2009 17:44:12 +0200 (CEST) Original-Lines: 84 X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 3) X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:111615 Archived-At: Hello, I noticed some potential NULL-deref-after-failed-malloc/realloc. Here's one way to fix them: >From 4c51394b3fc14f108404689dade9629bc6b0cefc Mon Sep 17 00:00:00 2001 From: Jim Meyering Date: Sun, 21 Jun 2009 17:13:38 +0200 Subject: [PATCH] don't dereference NULL upon failed malloc and realloc * src/ftfont.c (setup_otf_gstring, ftfont_shape_by_flt): Use xmalloc and xrealloc, so subsequent dereferences of unchecked *alloc-return values are valid. --- ChangeLog | 7 +++++++ src/ftfont.c | 16 ++++++++-------- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3099ced..a277f07 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2009-06-21 Jim Meyering + + don't dereference NULL upon failed malloc and realloc + * src/ftfont.c (setup_otf_gstring, ftfont_shape_by_flt): Use xmalloc + and xrealloc, so subsequent dereferences of unchecked *alloc-return + values are valid. + 2009-06-12 Chong Yidong * configure.in: Delete mac-fix-env target, which has been diff --git a/src/ftfont.c b/src/ftfont.c index 7dcdee6..3119291 100644 --- a/src/ftfont.c +++ b/src/ftfont.c @@ -1700,13 +1700,13 @@ setup_otf_gstring (int size) { if (otf_gstring.size == 0) { - otf_gstring.glyphs = (OTF_Glyph *) malloc (sizeof (OTF_Glyph) * size); + otf_gstring.glyphs = (OTF_Glyph *) xmalloc (sizeof (OTF_Glyph) * size); otf_gstring.size = size; } else if (otf_gstring.size < size) { - otf_gstring.glyphs = (OTF_Glyph *) realloc (otf_gstring.glyphs, - sizeof (OTF_Glyph) * size); + otf_gstring.glyphs = xrealloc (otf_gstring.glyphs, + sizeof (OTF_Glyph) * size); otf_gstring.size = size; } otf_gstring.used = size; @@ -2037,13 +2037,13 @@ ftfont_shape_by_flt (lgstring, font, ft_face, otf) { gstring.allocated = len * 2; gstring.glyph_size = sizeof (MFLTGlyph); - gstring.glyphs = malloc (sizeof (MFLTGlyph) * gstring.allocated); + gstring.glyphs = xmalloc (sizeof (MFLTGlyph) * gstring.allocated); } else if (gstring.allocated < len * 2) { gstring.allocated = len * 2; - gstring.glyphs = realloc (gstring.glyphs, - sizeof (MFLTGlyph) * gstring.allocated); + gstring.glyphs = xrealloc (gstring.glyphs, + sizeof (MFLTGlyph) * gstring.allocated); } memset (gstring.glyphs, 0, sizeof (MFLTGlyph) * len); for (i = 0; i < len; i++) @@ -2092,8 +2092,8 @@ ftfont_shape_by_flt (lgstring, font, ft_face, otf) if (result != -2) break; gstring.allocated += gstring.allocated; - gstring.glyphs = realloc (gstring.glyphs, - sizeof (MFLTGlyph) * gstring.allocated); + gstring.glyphs = xrealloc (gstring.glyphs, + sizeof (MFLTGlyph) * gstring.allocated); } if (gstring.used > LGSTRING_GLYPH_LEN (lgstring)) return Qnil; -- 1.6.3.2.448.g363bdb