Author: ngie
Date: Sat Apr 30 09:13:26 2016
New Revision: 298839
URL: https://svnweb.freebsd.org/changeset/base/298839

Log:
  Fix memory allocation edgecases in kvm_argv(..)
  
  - Don't leak nbufp on realloc failure in kvm_argv
  - Catch malloc errors with bufp
  - Set buflen last in the "buflen == 0" case to ensure that
    bufp/nbufp is properly reallocated on the next go around
  
  Differential Revision: https://reviews.freebsd.org/D6051
  MFC after: 1 week
  Reviewed by: jhb, markj
  Reported by: cppcheck
  Sponsored by: EMC / Isilon Storage Division

Modified:
  head/lib/libkvm/kvm_proc.c

Modified: head/lib/libkvm/kvm_proc.c
==============================================================================
--- head/lib/libkvm/kvm_proc.c  Sat Apr 30 06:48:48 2016        (r298838)
+++ head/lib/libkvm/kvm_proc.c  Sat Apr 30 09:13:26 2016        (r298839)
@@ -666,6 +666,7 @@ kvm_argv(kvm_t *kd, const struct kinfo_p
        static char *buf, *p;
        static char **bufp;
        static int argc;
+       char **nbufp;
 
        if (!ISALIVE(kd)) {
                _kvm_err(kd, kd->program,
@@ -681,9 +682,15 @@ kvm_argv(kvm_t *kd, const struct kinfo_p
                        _kvm_err(kd, kd->program, "cannot allocate memory");
                        return (NULL);
                }
-               buflen = nchr;
                argc = 32;
                bufp = malloc(sizeof(char *) * argc);
+               if (bufp == NULL) {
+                       free(buf);
+                       buf = NULL;
+                       _kvm_err(kd, kd->program, "cannot allocate memory");
+                       return (NULL);
+               }
+               buflen = nchr;
        } else if (nchr > buflen) {
                p = realloc(buf, nchr);
                if (p != NULL) {
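Review bot: The placement of `buflen = nchr;` after the `bufp` NULL check is load-bearing, but nothing in the code says so. `buf` and `bufp` are `static`, and per the commit log a `buflen` of 0 is what makes the next call allocate both again after a failure here. A comment above the assignment would keep a later cleanup from moving it back up, for example `/* Set last: buflen == 0 makes the next call retry both allocations. */`. The enclosing `if` and the rest of kvm_argv start and end outside this hunk.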
@@ -716,8 +723,10 @@ kvm_argv(kvm_t *kd, const struct kinfo_p
                p += strlen(p) + 1;
                if (i >= argc) {
                        argc += argc;
-                       bufp = realloc(bufp,
-                           sizeof(char *) * argc);
+                       nbufp = realloc(bufp, sizeof(char *) * argc);
+                       if (nbufp == NULL)
+                               return (NULL);
+                       bufp = nbufp;
                }
        } while (p < buf + bufsz);
        bufp[i++] = 0;
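Review bot: On the realloc failure path, `argc` has already been doubled by `argc += argc` while `bufp` still points at the old, smaller array, and both are `static`, so the mismatch survives the `return (NULL)`. A later call that does not reallocate `bufp` would then test `i >= argc` against a capacity the array does not have, which looks like it permits stores past the end of `bufp` for a process with enough arguments. Committing the new count only on success avoids this: `nbufp = realloc(bufp, sizeof(char *) * argc * 2);` and, after `bufp = nbufp;`, `argc *= 2;`. This path also returns without calling `_kvm_err`, unlike the malloc failure path added earlier in this commit. The loop body that stores into `bufp` lies outside the hunk, so the overflow should be confirmed against the full function.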