From: Hubert Verstraete <hubs@users.sourceforge.net>
Date: Tue, 28 Jun 2016 20:44:26 +0000 (+0200)
Subject: CLEANUP: fixed some usages of realloc leading to memory leak
X-Git-Tag: v1.7-dev4~45
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=831962e3b32777573f3818c0917e7592bf3b462f;p=thirdparty%2Fhaproxy.git

CLEANUP: fixed some usages of realloc leading to memory leak

Changed all the cases where the pointer passed to realloc is overwritten
by the pointer returned by realloc. The new function my_realloc2 has
been used except in function register_name. If register_name fails to
add a new variable because of an "out of memory" error, all the existing
variables remain valid. If we had used my_realloc2, the array of variables
would have been freed.
---

diff --git a/src/cfgparse.c b/src/cfgparse.c
index d9afd843f7..4e4775a6e5 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -1592,10 +1592,10 @@ int cfg_parse_global(const char *file, int linenum, char **args, int kwm)
 
 		if (logsrv->maxlen > global.max_syslog_len) {
 			global.max_syslog_len = logsrv->maxlen;
-			logheader = realloc(logheader, global.max_syslog_len + 1);
-			logheader_rfc5424 = realloc(logheader_rfc5424, global.max_syslog_len + 1);
-			logline = realloc(logline, global.max_syslog_len + 1);
-			logline_rfc5424 = realloc(logline_rfc5424, global.max_syslog_len + 1);
+			logheader = my_realloc2(logheader, global.max_syslog_len + 1);
+			logheader_rfc5424 = my_realloc2(logheader_rfc5424, global.max_syslog_len + 1);
+			logline = my_realloc2(logline, global.max_syslog_len + 1);
+			logline_rfc5424 = my_realloc2(logline_rfc5424, global.max_syslog_len + 1);
 		}
 
 		/* after the length, a format may be specified */
@@ -6078,10 +6078,10 @@ stats_error_parsing:
 
 			if (logsrv->maxlen > global.max_syslog_len) {
 				global.max_syslog_len = logsrv->maxlen;
-				logheader = realloc(logheader, global.max_syslog_len + 1);
-				logheader_rfc5424 = realloc(logheader_rfc5424, global.max_syslog_len + 1);
-				logline = realloc(logline, global.max_syslog_len + 1);
-				logline_rfc5424 = realloc(logline_rfc5424, global.max_syslog_len + 1);
+				logheader = my_realloc2(logheader, global.max_syslog_len + 1);
+				logheader_rfc5424 = my_realloc2(logheader_rfc5424, global.max_syslog_len + 1);
+				logline = my_realloc2(logline, global.max_syslog_len + 1);
+				logline_rfc5424 = my_realloc2(logline_rfc5424, global.max_syslog_len + 1);
 			}
 
 			/* after the length, a format may be specified */
diff --git a/src/chunk.c b/src/chunk.c
index e2511076ba..7134fead35 100644
--- a/src/chunk.c
+++ b/src/chunk.c
@@ -17,6 +17,7 @@
 
 #include <common/config.h>
 #include <common/chunk.h>
+#include <common/standard.h>
 
 /* trash chunks used for various conversions */
 static struct chunk *trash_chunk;
@@ -60,8 +61,8 @@ struct chunk *get_trash_chunk(void)
 int alloc_trash_buffers(int bufsize)
 {
 	trash_size = bufsize;
-	trash_buf1 = (char *)realloc(trash_buf1, bufsize);
-	trash_buf2 = (char *)realloc(trash_buf2, bufsize);
+	trash_buf1 = (char *)my_realloc2(trash_buf1, bufsize);
+	trash_buf2 = (char *)my_realloc2(trash_buf2, bufsize);
 	return trash_buf1 && trash_buf2;
 }
 
diff --git a/src/standard.c b/src/standard.c
index cfed94d24f..c9f68b5448 100644
--- a/src/standard.c
+++ b/src/standard.c
@@ -3104,7 +3104,7 @@ char *memprintf(char **out, const char *format, ...)
 		}
 
 		allocated = needed + 1;
-		ret = realloc(ret, allocated);
+		ret = my_realloc2(ret, allocated);
 	} while (ret);
 
 	if (needed < 0) {
@@ -3252,7 +3252,7 @@ char *env_expand(char *in)
 			val_len = value ? strlen(value) : 0;
 		}
 
-		out = realloc(out, out_len + (txt_end - txt_beg) + val_len + 1);
+		out = my_realloc2(out, out_len + (txt_end - txt_beg) + val_len + 1);
 		if (txt_end > txt_beg) {
 			memcpy(out + out_len, txt_beg, txt_end - txt_beg);
 			out_len += txt_end - txt_beg;
diff --git a/src/vars.c b/src/vars.c
index d79f317b98..56fade5d9f 100644
--- a/src/vars.c
+++ b/src/vars.c
@@ -151,6 +151,7 @@ void vars_init(struct vars *vars, enum vars_scope scope)
 static char *register_name(const char *name, int len, enum vars_scope *scope, char **err)
 {
 	int i;
+	char **var_names2;
 	const char *tmp;
 
 	/* Check length. */
@@ -191,13 +192,14 @@ static char *register_name(const char *name, int len, enum vars_scope *scope, ch
 		if (strncmp(var_names[i], name, len) == 0)
 			return var_names[i];
 
-	/* Store variable name. */
-	var_names_nb++;
-	var_names = realloc(var_names, var_names_nb * sizeof(*var_names));
-	if (!var_names) {
+	/* Store variable name. If realloc fails, var_names remains valid */
+	var_names2 = realloc(var_names, (var_names_nb + 1) * sizeof(*var_names));
+	if (!var_names2) {
 		memprintf(err, "out of memory error");
 		return NULL;
 	}
+	var_names_nb++;
+	var_names = var_names2;
 	var_names[var_names_nb - 1] = malloc(len + 1);
 	if (!var_names[var_names_nb - 1]) {
 		memprintf(err, "out of memory error");