On Wed, Jan 22, 2020 at 12:44:18AM -0500, Ted Unangst wrote:
> should not set the size until the allocation succeeds, or the free path will
> try to deref the null array.
> 
> 
> Index: json.c
> ===================================================================
> RCS file: /home/cvs/src/usr.sbin/acme-client/json.c,v
> retrieving revision 1.14
> diff -u -p -r1.14 json.c
> --- json.c    18 Jun 2019 18:50:07 -0000      1.14
> +++ json.c    22 Jan 2020 05:37:59 -0000
> @@ -459,12 +459,13 @@ json_parse_order(struct jsmnn *n, struct
>       if ((array = json_getarray(n, "authorizations")) == NULL)
>               goto err;
>  
> -     if ((order->authsz = array->fields) > 0) {
> +     if (array->fields > 0) {
>               order->auths = calloc(sizeof(*order->auths), order->authsz);

Shouldn't the second argument be switched to array->fields to maintain
the same behavior?

>               if (order->auths == NULL) {
>                       warn("malloc");
>                       goto err;
>               }
> +             order->authsz = array->fields;
>       }
>  
>       for (i = 0; i < array->fields; i++) {
> 
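Review bot: the calloc() call kept as context still passes order->authsz as its count, but with this change order->authsz is only assigned after the allocation succeeds, so the buffer is sized from a value that has not yet been set from array->fields, while the loop that follows still runs up to array->fields. Pass array->fields to the allocation instead, and consider the conventional argument order while touching the line: calloc(array->fields, sizeof(*order->auths)). A smaller point in the same block: the failure message says warn("malloc") although the call is calloc.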
