* lib/regex.c (merge_state_with_log):
In this function, memory is allocated for the variable next_nodes when
creating a union of the variables table_nodes and log_nodes.
However, if next_state->entrance_nodes is NULL, table_nodes becomes
NULL and we still allocate memory to copy the contents of log_nodes.
This can cause a resource leak since we only free the memory for
next_nodes if table_nodes isn't NULL. To prevent this, check that
next_state->entrance_nodes isn't NULL before allocating memory
for the union.
This issue was found by a Coverity Scan of GRUB2 under the following CID:
CID: 473887
Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Copyright-paperwork-exempt: Yes
these destinations and the results of the transition table. */
pstate = mctx->state_log[cur_idx];
log_nodes = pstate->entrance_nodes;
- if (next_state != NULL)
+ if (next_state != NULL && next_state->entrance_nodes != NULL)
{
table_nodes = next_state->entrance_nodes;
*err = re_node_set_init_union (&next_nodes, table_nodes,
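Review bot: with the new condition `if (next_state != NULL && next_state->entrance_nodes != NULL)`, a non-NULL next_state whose entrance_nodes is NULL no longer enters this block and instead takes whatever path follows it, which the hunk does not show. Since table_nodes is assigned only inside the block, please confirm that it is initialised to NULL before this point, so that the later free of next_nodes (which the commit message says is gated on table_nodes) stays paired with the re_node_set_init_union allocation, and that the alternative path selects the right state for this new case. A short comment above the condition stating that the union is skipped when next_state has no entrance nodes would also help, because the visible tail of the existing comment only describes merging with the transition table results.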