On Wed, Jan 22, 2020 at 12:44:18AM -0500, Ted Unangst wrote: > should not size the size until the allocation succeeds, or the free path will > try to deref the null array. > > > Index: json.c > =================================================================== > RCS file: /home/cvs/src/usr.sbin/acme-client/json.c,v > retrieving revision 1.14 > diff -u -p -r1.14 json.c > --- json.c 18 Jun 2019 18:50:07 -0000 1.14 > +++ json.c 22 Jan 2020 05:37:59 -0000 > @@ -459,12 +459,13 @@ json_parse_order(struct jsmnn *n, struct > if ((array = json_getarray(n, "authorizations")) == NULL) > goto err; > > - if ((order->authsz = array->fields) > 0) { > + if (array->fields > 0) { > order->auths = calloc(sizeof(*order->auths), order->authsz);
Shouldn't the second argument be switched to array->fields to maintain the same behavior? > if (order->auths == NULL) { > warn("malloc"); > goto err; > } > + order->authsz = array->fields; > } > > for (i = 0; i < array->fields; i++) { >