Date:      Fri, 13 May 2016 09:52:40 +0000 (UTC)
From:      Garrett Cooper <ngie@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject:   svn commit: r299651 - stable/10/lib/libkvm
Message-ID:  <201605130952.u4D9qekJ091347@repo.freebsd.org>

Author: ngie
Date: Fri May 13 09:52:39 2016
New Revision: 299651
URL: https://svnweb.freebsd.org/changeset/base/299651

Log:
  MFC r298839:
  
  Fix memory allocation edge cases in kvm_argv(..)
  
  - Don't leak nbufp on realloc failure in kvm_argv
  - Catch malloc errors with bufp
  - Set buflen last in the "buflen == 0" case to ensure that
    bufp/nbufp is properly reallocated on the next go around

Modified:
  stable/10/lib/libkvm/kvm_proc.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/lib/libkvm/kvm_proc.c
==============================================================================
--- stable/10/lib/libkvm/kvm_proc.c	Fri May 13 09:50:38 2016	(r299650)
+++ stable/10/lib/libkvm/kvm_proc.c	Fri May 13 09:52:39 2016	(r299651)
@@ -642,6 +642,7 @@ kvm_argv(kvm_t *kd, const struct kinfo_p
 	static char *buf, *p;
 	static char **bufp;
 	static int argc;
+	char **nbufp;
 
 	if (!ISALIVE(kd)) {
 		_kvm_err(kd, kd->program,
@@ -657,9 +658,15 @@ kvm_argv(kvm_t *kd, const struct kinfo_p
 			_kvm_err(kd, kd->program, "cannot allocate memory");
 			return (0);
 		}
-		buflen = nchr;
 		argc = 32;
 		bufp = malloc(sizeof(char *) * argc);
+		if (bufp == NULL) {
+			free(buf);
+			buf = NULL;
+			_kvm_err(kd, kd->program, "cannot allocate memory");
+			return (NULL);
+		}
+		buflen = nchr;
 	} else if (nchr > buflen) {
 		p = realloc(buf, nchr);
 		if (p != NULL) {
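Review bot: Nothing in the `buflen == 0` branch says why `buflen = nchr;` now sits after both allocations, although the retry behaviour depends on that order. A one-line comment such as `/* Set buflen last: a failed allocation must leave it 0 so the next call re-enters this branch. */` would keep a later cleanup from moving the assignment back up. The same branch also returns `(0)` on the first allocation failure and `(NULL)` on the new one; `return (NULL);` in both places would read more consistently. The body of kvm_argv starts and ends outside this hunk.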
@@ -693,8 +700,10 @@ kvm_argv(kvm_t *kd, const struct kinfo_p
 		p += strlen(p) + 1;
 		if (i >= argc) {
 			argc += argc;
-			bufp = realloc(bufp,
-			    sizeof(char *) * argc);
+			nbufp = realloc(bufp, sizeof(char *) * argc);
+			if (nbufp == NULL)
+				return (NULL);
+			bufp = nbufp;
 		}
 	} while (p < buf + bufsz);
 	bufp[i++] = 0;
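Review bot: When realloc fails in the `i >= argc` branch, the static `argc` has already been doubled by `argc += argc;` while the static `bufp` still points at the old, smaller array. On a later call the `i >= argc` check would then trigger too late, and, assuming the loop stores through `bufp[i]` as the trailing `bufp[i++] = 0;` suggests, writes could run past the end of the allocation. Grow the count only after the reallocation succeeds: `nbufp = realloc(bufp, sizeof(char *) * argc * 2);`, then `bufp = nbufp; argc *= 2;`. The failure path also returns without calling `_kvm_err(kd, kd->program, "cannot allocate memory");`, unlike the other allocation failures visible in this diff. The loop and the rest of the function begin outside this hunk.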


