libss: fix memory handling errors
authorDarrick J. Wong <darrick.wong@oracle.com>
Thu, 12 Dec 2013 18:12:09 +0000 (13:12 -0500)
committerTheodore Ts'o <tytso@mit.edu>
Thu, 12 Dec 2013 18:12:11 +0000 (13:12 -0500)
Fix memory allocation calculations and check for NULL pointer returns.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
lib/ss/invocation.c
lib/ss/parse.c
lib/ss/request_tbl.c

index a7110500e42e3fe4248f413cc0461e0dc922e1c9..08b66f280f6fd8acb22a582e6e70e1356282e1a8 100644 (file)
@@ -20,6 +20,7 @@
 #ifdef HAVE_DLOPEN
 #include <dlfcn.h>
 #endif
+#include <errno.h>
 
 int ss_create_invocation(subsystem_name, version_string, info_ptr,
                         request_table_ptr, code_ptr)
@@ -46,6 +47,10 @@ int ss_create_invocation(subsystem_name, version_string, info_ptr,
                ;
        table = (ss_data **) realloc((char *)table,
                                     ((unsigned)sci_idx+2)*size);
+       if (table == NULL) {
+               *code_ptr = errno;
+               return 0;
+       }
        table[sci_idx+1] = (ss_data *) NULL;
        table[sci_idx] = new_table;
 
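Review bot: The new early return after the failed `realloc` never releases `new_table`, which is stored into the table only on the lines after the check. If it was heap-allocated earlier in ss_create_invocation (the allocation is outside this hunk), it leaks on this path; adding `free(new_table);` after `*code_ptr = errno;` would close that, with errno read first so `free` cannot disturb it. The result of `realloc` is also assigned straight back to `table`, so the old block stays reachable only if another pointer to it exists outside the hunk. Assigning to a temporary first and updating `table` on success would make that ownership explicit.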
index b70ad1654ddfd3830d3b2c521592a5ab46f7973a..baded665e060d183c79b69e769cd560aa9ea4835 100644 (file)
@@ -90,6 +90,10 @@ char **ss_parse (sci_idx, line_ptr, argc_ptr)
                parse_mode = TOKEN;
                cp = line_ptr;
                argv = NEW_ARGV (argv, argc);
+               if (argv == NULL) {
+                       *argc_ptr = errno;
+                       return argv;
+               }
                argv[argc++] = line_ptr;
                argv[argc] = NULL;
            }
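Review bot: On the new failure path `*argc_ptr = errno;` stores an error code in what the name suggests is the argument count, so a caller that tests the count before touching the result would see a non-zero count together with a NULL `argv`. If callers (not visible here) treat a zero count as "nothing parsed", `*argc_ptr = 0;` is the safer value and the errno should be reported through a separate channel. The assignment `argv = NEW_ARGV (argv, argc)` also overwrites the only visible pointer to the previous vector, so if NEW_ARGV wraps `realloc` (its definition is outside the hunk) the old block is leaked when it fails. ss_parse begins and continues outside the hunk.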
index b0b6f95903c86a492f13b277dbb210ec8d4d0a3f..efdabfa3d2b351e3f2989c3ab13ad07b1aaee10d 100644 (file)
@@ -35,7 +35,7 @@ void ss_add_request_table(sci_idx, rqtbl_ptr, position, code_ptr)
                ;
        /* size == C subscript of NULL == #elements */
        size += 2;              /* new element, and NULL */
-       t = (ssrt **)realloc(info->rqt_tables, (unsigned)size*sizeof(ssrt));
+       t = (ssrt **)realloc(info->rqt_tables, (unsigned)size*sizeof(ssrt *));
        if (t == (ssrt **)NULL) {
                *code_ptr = errno;
                return;
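Review bot: The corrected call still spells the element size as a type, `sizeof(ssrt *)`, which is the pattern that let the original `sizeof(ssrt)` mismatch go unnoticed. Tying the size to the destination pointer keeps the two in step if the table's type ever changes: `t = (ssrt **)realloc(info->rqt_tables, (unsigned)size*sizeof(*t));`. The assignment to the temporary `t` before the NULL check is the right shape, since `info->rqt_tables` stays valid on failure. The body of ss_add_request_table starts and continues outside the hunk.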