diff options
author | Paul Eggert <eggert@cs.ucla.edu> | 2019-08-21 09:25:22 -0700 |
---|---|---|
committer | Paul Eggert <eggert@cs.ucla.edu> | 2019-08-21 11:02:19 -0700 |
commit | 8a80ee5e2bab17a1f8e1e78fab5c33ac7efa8b29 (patch) | |
tree | a72040c5d2c3d0bdd6523c7cb4da9c751a9e9c43 /posix | |
parent | 1baae4aa6f3313da77d799f12f963910b05db637 (diff) | |
download | glibc-8a80ee5e2bab17a1f8e1e78fab5c33ac7efa8b29.zip glibc-8a80ee5e2bab17a1f8e1e78fab5c33ac7efa8b29.tar.gz glibc-8a80ee5e2bab17a1f8e1e78fab5c33ac7efa8b29.tar.bz2 |
Fix bad pointer / leak in regex code
This was found by Coverity (CID 1484201). [BZ#24844]
* posix/regex_internal.c (create_cd_newstate): Fix use of bad
pointer and/or memory leak when storage is exhausted.
Diffstat (limited to 'posix')
-rw-r--r-- | posix/regex_internal.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/posix/regex_internal.c b/posix/regex_internal.c index 9004ce8..f53ded9 100644 --- a/posix/regex_internal.c +++ b/posix/regex_internal.c @@ -1716,15 +1716,19 @@ create_cd_newstate (const re_dfa_t *dfa, const re_node_set *nodes, { if (newstate->entrance_nodes == &newstate->nodes) { - newstate->entrance_nodes = re_malloc (re_node_set, 1); - if (__glibc_unlikely (newstate->entrance_nodes == NULL)) + re_node_set *entrance_nodes = re_malloc (re_node_set, 1); + if (__glibc_unlikely (entrance_nodes == NULL)) { free_state (newstate); return NULL; } + newstate->entrance_nodes = entrance_nodes; if (re_node_set_init_copy (newstate->entrance_nodes, nodes) != REG_NOERROR) - return NULL; + { + free_state (newstate); + return NULL; + } nctx_nodes = 0; newstate->has_constraint = 1; } |