BUG/MINOR: errors: handle malloc failure in usermsgs_put()
authorAurelien DARRAGON <adarragon@haproxy.com>
Thu, 11 May 2023 16:49:14 +0000 (18:49 +0200)
committerChristopher Faulet <cfaulet@haproxy.com>
Fri, 12 May 2023 07:45:30 +0000 (09:45 +0200)
usermsgs_buf.size is set without first checking if previous malloc
attempt succeeded.

This could fool the buffer API into assuming that the buffer is
initialized, resulting in unsafe read/writes.

Guard the usermsgs_buf.size assignment with the malloc attempt result
to make the buffer initialization safe against malloc failures.

This partially fixes GH #2130.

It should be backported up to 2.6.

src/errors.c

index 2e9d6afb7e046e65954b97629265d56836b6fa76..5913cb1d509d909e14d3c93d9ecdb4837da7401d 100644 (file)
@@ -229,7 +229,8 @@ static void usermsgs_put(const struct ist *msg)
        /* Allocate the buffer if not already done. */
        if (unlikely(b_is_null(&usermsgs_buf))) {
                usermsgs_buf.area = malloc(USER_MESSAGES_BUFSIZE * sizeof(char));
-               usermsgs_buf.size = USER_MESSAGES_BUFSIZE;
+               if (usermsgs_buf.area)
+                       usermsgs_buf.size = USER_MESSAGES_BUFSIZE;
        }
 
        if (likely(!b_is_null(&usermsgs_buf))) {
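Review bot: When malloc() fails in the new guard the buffer is left null and, as far as the hunk shows, the following `if (likely(!b_is_null(&usermsgs_buf)))` branch simply skips the message, so a user message is dropped without any trace; that branch's body and any else path lie outside the hunk. A short comment on the guard would make the invariant explicit, for example `/* on alloc failure leave size unset so the buffer stays null and the message is skipped below */`. The fix presumably relies on b_is_null() keying on `.area` alone, which is not visible here and is worth confirming before the backport. As a style point, `sizeof(char)` is 1 by definition, so `malloc(USER_MESSAGES_BUFSIZE)` would read more plainly.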