BUG/MEDIUM: config: Reset outline buffer size on realloc error in readcfgfile()

When the line parsing failed because outline buffer must be reallocated, if
my_realloc2() call fails, the buffer size must be reset. Indeed, in this case
the current line is skipped, a fatal error is reported and we jump to the next
line. At this stage the outline buffer is NULL. If the buffer size is not reset,
the next call to parse_line() crashes because we try to write in the buffer. We
fail to detect the outline buffer is too small to copy any character.

To fix the issue, outlinesize variable must be set to 0 when outline allocation
failed.

This patch should fix the issue #1563. It must be backported as far as 2.2.

diff --git a/src/cfgparse.c b/src/cfgparse.c
index b1ec46f2facbf42c6a95471fa347f5decaf22ed8..2f886d92ede54e2a2af66f4b997143025e31a233 100644 (file)
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -1862,6 +1862,7 @@ next_line:
                                                 file, linenum);
                                        err_code |= ERR_ALERT | ERR_FATAL;
                                        fatal++;
+                                       outlinesize = 0;
                                        goto next_line;
                                }
                                /* try again */