diff options
| author | Enji Cooper <ngie@FreeBSD.org> | 2016-04-30 09:13:26 +0000 |
|---|---|---|
| committer | Enji Cooper <ngie@FreeBSD.org> | 2016-04-30 09:13:26 +0000 |
| commit | 68b68bf55d62b45c339f8ec24e6367f77cd61c46 (patch) | |
| tree | 5e2b583361331cc065489c37ffba4258719c6e75 /lib/libkvm | |
| parent | 4cf287c0110afeda7eb6a9d787c008fddd3310e4 (diff) | |
| download | src-68b68bf55d62b45c339f8ec24e6367f77cd61c46.tar.gz src-68b68bf55d62b45c339f8ec24e6367f77cd61c46.zip | |
Fix memory allocation edgecases in kvm_argv(..)
- Don't leak nbufp on realloc failure in kvm_argv
- Catch malloc errors with bufp
- Set buflen last in the "buflen == 0" case to ensure that
bufp/nbufp is properly reallocated on the next go around
Differential Revision: https://reviews.freebsd.org/D6051
MFC after: 1 week
Reviewed by: jhb, markj
Reported by: cppcheck
Sponsored by: EMC / Isilon Storage Division
Notes
Notes:
svn path=/head/; revision=298839
Diffstat (limited to 'lib/libkvm')
| -rw-r--r-- | lib/libkvm/kvm_proc.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/lib/libkvm/kvm_proc.c b/lib/libkvm/kvm_proc.c index 1eb9872ecb5b..5cd0493cf3d4 100644 --- a/lib/libkvm/kvm_proc.c +++ b/lib/libkvm/kvm_proc.c @@ -666,6 +666,7 @@ kvm_argv(kvm_t *kd, const struct kinfo_proc *kp, int env, int nchr) static char *buf, *p; static char **bufp; static int argc; + char **nbufp; if (!ISALIVE(kd)) { _kvm_err(kd, kd->program, @@ -681,9 +682,15 @@ kvm_argv(kvm_t *kd, const struct kinfo_proc *kp, int env, int nchr) _kvm_err(kd, kd->program, "cannot allocate memory"); return (NULL); } - buflen = nchr; argc = 32; bufp = malloc(sizeof(char *) * argc); + if (bufp == NULL) { + free(buf); + buf = NULL; + _kvm_err(kd, kd->program, "cannot allocate memory"); + return (NULL); + } + buflen = nchr; } else if (nchr > buflen) { p = realloc(buf, nchr); if (p != NULL) { @@ -716,8 +723,10 @@ kvm_argv(kvm_t *kd, const struct kinfo_proc *kp, int env, int nchr) p += strlen(p) + 1; if (i >= argc) { argc += argc; - bufp = realloc(bufp, - sizeof(char *) * argc); + nbufp = realloc(bufp, sizeof(char *) * argc); + if (nbufp == NULL) + return (NULL); + bufp = nbufp; } } while (p < buf + bufsz); bufp[i++] = 0; |