[flac-dev] [PATCH 3/2] Free memory on errors in all safe_realloc_*() functions

2018-07-20 Thread Miroslav Lichvar
---
 include/share/alloc.h | 36 +---
 1 file changed, 25 insertions(+), 11 deletions(-)

diff --git a/include/share/alloc.h b/include/share/alloc.h
index 63878db0..97752f0c 100644
--- a/include/share/alloc.h
+++ b/include/share/alloc.h
@@ -174,34 +174,46 @@ static inline void *safe_realloc_add_2op_(void *ptr, 
size_t size1, size_t size2)
 static inline void *safe_realloc_add_3op_(void *ptr, size_t size1, size_t 
size2, size_t size3)
 {
size2 += size1;
-   if(size2 < size1)
+   if(size2 < size1) {
+   free(ptr);
return 0;
+   }
size3 += size2;
-   if(size3 < size2)
+   if(size3 < size2) {
+   free(ptr);
return 0;
-   return realloc(ptr, size3);
+   }
+   return safe_realloc_(ptr, size3);
 }
 
 static inline void *safe_realloc_add_4op_(void *ptr, size_t size1, size_t 
size2, size_t size3, size_t size4)
 {
size2 += size1;
-   if(size2 < size1)
+   if(size2 < size1) {
+   free(ptr);
return 0;
+   }
size3 += size2;
-   if(size3 < size2)
+   if(size3 < size2) {
+   free(ptr);
return 0;
+   }
size4 += size3;
-   if(size4 < size3)
+   if(size4 < size3) {
+   free(ptr);
return 0;
-   return realloc(ptr, size4);
+   }
+   return safe_realloc_(ptr, size4);
 }
 
 static inline void *safe_realloc_mul_2op_(void *ptr, size_t size1, size_t 
size2)
 {
if(!size1 || !size2)
-   return realloc(ptr, 0); /* preserve POSIX realloc(ptr, 0) 
semantics */
-   if(size1 > SIZE_MAX / size2)
+   return safe_realloc_(ptr, 0); /* preserve POSIX realloc(ptr, 0) 
semantics */
+   if(size1 > SIZE_MAX / size2) {
+   free(ptr);
return 0;
+   }
return safe_realloc_(ptr, size1*size2);
 }
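Review bot: The new failure contract is not documented next to the helpers: safe_realloc_add_3op_, safe_realloc_add_4op_ and safe_realloc_mul_2op_ in this hunk, and safe_realloc_muladd2_ in the next one, now release `ptr` on their overflow paths. Any caller that still frees or reuses its old pointer after a NULL return becomes a double free or use-after-free; patch 1/2 of this series fixes one such caller, iconvert(). I would add a comment above the group such as `/* On failure (size overflow or allocation error) ptr is freed and 0 is returned; the caller must not use or free ptr again. */` and audit the remaining call sites against it. safe_realloc_ is defined outside this hunk, so its freeing on allocation failure is assumed from the series titles rather than seen here.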
 
@@ -209,10 +221,12 @@ static inline void *safe_realloc_mul_2op_(void *ptr, 
size_t size1, size_t size2)
 static inline void *safe_realloc_muladd2_(void *ptr, size_t size1, size_t 
size2, size_t size3)
 {
if(!size1 || (!size2 && !size3))
-   return realloc(ptr, 0); /* preserve POSIX realloc(ptr, 0) 
semantics */
+   return safe_realloc_(ptr, 0); /* preserve POSIX realloc(ptr, 0) 
semantics */
size2 += size3;
-   if(size2 < size3)
+   if(size2 < size3) {
+   free(ptr);
return 0;
+   }
return safe_realloc_mul_2op_(ptr, size1, size2);
 }
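Review bot: The zero-size branch here, and the matching one in safe_realloc_mul_2op_ in the previous hunk, now goes through `safe_realloc_(ptr, 0)`, where a NULL return can mean the block was released rather than that the call failed. safe_realloc_ is not visible in this patch. If it frees the old pointer on every NULL return, this branch would free `ptr` twice on C libraries where realloc(ptr, 0) frees the block and returns NULL. It is worth confirming that the helper only frees for a non-zero request, with a guard of the form `if(size > 0 && newptr == 0) free(oldptr);`, and saying so in the comment on this line.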
 
-- 
2.17.1



[flac-dev] [PATCH 2/2] Fix safe_realloc_add_2op_() to free memory when reallocation fails

2018-07-20 Thread Miroslav Lichvar
---
 include/share/alloc.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/share/alloc.h b/include/share/alloc.h
index 914de9ba..63878db0 100644
--- a/include/share/alloc.h
+++ b/include/share/alloc.h
@@ -168,7 +168,7 @@ static inline void *safe_realloc_add_2op_(void *ptr, size_t 
size1, size_t size2)
free(ptr);
return 0;
}
-   return realloc(ptr, size2);
+   return safe_realloc_(ptr, size2);
 }
 
 static inline void *safe_realloc_add_3op_(void *ptr, size_t size1, size_t 
size2, size_t size3)
-- 
2.17.1



[flac-dev] [PATCH 1/2] Avoid double free in iconvert()

2018-07-20 Thread Miroslav Lichvar
When safe_realloc_add_2op_(utfbuf, ...) is called with an invalid size
and returns 0, set utfbuf to 0 to avoid a second deallocation later in the
function.
---
 src/share/utf8/iconvert.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/share/utf8/iconvert.c b/src/share/utf8/iconvert.c
index 472ca876..03068ac9 100644
--- a/src/share/utf8/iconvert.c
+++ b/src/share/utf8/iconvert.c
@@ -150,8 +150,10 @@ int iconvert(const char *fromcode, const char *tocode,
   return ret;
 }
 newbuf = safe_realloc_add_2op_(utfbuf, (ob - utfbuf), /*+*/1);
-if (!newbuf)
+if (!newbuf) {
+  utfbuf = 0;
   goto fail;
+}
 ob = (ob - utfbuf) + newbuf;
 *ob = '\0';
 *to = newbuf;
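Review bot: As the first patch of the series, the added `utfbuf = 0;` also runs when the reallocation fails for lack of memory, not only on the invalid-size path the description names. At this point in the series safe_realloc_add_2op_ still ends in `return realloc(ptr, size2);` (patch 2/2 changes it), so on that path the old buffer is still allocated and clearing the pointer leaks it. Applying 2/2 before this patch, or squashing the two, would keep every intermediate commit free of both the leak and the double free. iconvert() starts and ends outside the hunk, so the cleanup under `fail` is inferred from the description.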
-- 
2.17.1
