Check realloc return values (#2204)

If realloc fails, keep track of currently allocated memory instead of
provoking memory leaks in error paths.

diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
index 354cb0d0bab560c69b7367f17e5e5a7a4f296a76..3f3d7db2bc9aa53b2081c6c89925e66b173aa6ce 100644 (file)
--- a/libarchive/archive_read_support_format_rar.c
+++ b/libarchive/archive_read_support_format_rar.c
@@ -1373,6 +1373,8 @@ read_header(struct archive_read *a, struct archive_entry *entry,
   struct archive_string_conv *sconv, *fn_sconv;
   unsigned long crc32_val;
   int ret = (ARCHIVE_OK), ret2;
+  char *newptr;
+  size_t newsize;
 
   rar = (struct rar *)(a->format->data);
 
@@ -1519,8 +1521,7 @@ read_header(struct archive_read *a, struct archive_entry *entry,
     return (ARCHIVE_FATAL);
   }
   if (rar->filename_allocated < filename_size * 2 + 2) {
-    char *newptr;
-    size_t newsize = filename_size * 2 + 2;
+    newsize = filename_size * 2 + 2;
     newptr = realloc(rar->filename, newsize);
     if (newptr == NULL) {
       archive_set_error(&a->archive, ENOMEM,
@@ -1657,13 +1658,16 @@ read_header(struct archive_read *a, struct archive_entry *entry,
     rar->cursor++;
     if (rar->cursor >= rar->nodes)
     {
-      rar->nodes++;
-      if ((rar->dbo =
-        realloc(rar->dbo, sizeof(*rar->dbo) * rar->nodes)) == NULL)
+      struct data_block_offsets *newdbo;
+
+      newsize = sizeof(*rar->dbo) * (rar->nodes + 1);
+      if ((newdbo = realloc(rar->dbo, newsize)) == NULL)
       {
         archive_set_error(&a->archive, ENOMEM, "Couldn't allocate memory.");
         return (ARCHIVE_FATAL);
       }
+      rar->dbo = newdbo;
+      rar->nodes++;
       rar->dbo[rar->cursor].header_size = header_size;
       rar->dbo[rar->cursor].start_offset = -1;
       rar->dbo[rar->cursor].end_offset = -1;
@@ -1683,9 +1687,14 @@ read_header(struct archive_read *a, struct archive_entry *entry,
     return (ARCHIVE_FATAL);
   }
 
-  rar->filename_save = (char*)realloc(rar->filename_save,
-                                      filename_size + 1);
-  memcpy(rar->filename_save, rar->filename, filename_size + 1);
+  newsize = filename_size + 1;
+  if ((newptr = realloc(rar->filename_save, newsize)) == NULL)
+  {
+    archive_set_error(&a->archive, ENOMEM, "Couldn't allocate memory.");
+    return (ARCHIVE_FATAL);
+  }
+  rar->filename_save = newptr;
+  memcpy(rar->filename_save, rar->filename, newsize);
   rar->filename_save_size = filename_size;
 
   /* Set info for seeking */

diff --git a/libarchive/archive_write_disk_posix.c b/libarchive/archive_write_disk_posix.c
index 92db4ff05b634dec66c17b77af829bd6b53ab770..bac906d26d9570d652ba378b77c93c8e9d7efc3f 100644 (file)
--- a/libarchive/archive_write_disk_posix.c
+++ b/libarchive/archive_write_disk_posix.c
@@ -4196,7 +4196,7 @@ copy_xattrs(struct archive_write_disk *a, int tmpfd, int dffd)
        }
        for (xattr_i = 0; xattr_i < xattr_size;
            xattr_i += strlen(xattr_names + xattr_i) + 1) {
-               char *xattr_val_saved;
+               char *p;
                ssize_t s;
                int f;
 
@@ -4207,15 +4207,14 @@ copy_xattrs(struct archive_write_disk *a, int tmpfd, int dffd)
                        ret = ARCHIVE_WARN;
                        goto exit_xattr;
                }
-               xattr_val_saved = xattr_val;
-               xattr_val = realloc(xattr_val, s);
-               if (xattr_val == NULL) {
+               p = realloc(xattr_val, s);
+               if (p == NULL) {
                        archive_set_error(&a->archive, ENOMEM,
                            "Failed to get metadata(xattr)");
                        ret = ARCHIVE_WARN;
-                       free(xattr_val_saved);
                        goto exit_xattr;
                }
+               xattr_val = p;
                s = fgetxattr(tmpfd, xattr_names + xattr_i, xattr_val, s, 0, 0);
                if (s == -1) {
                        archive_set_error(&a->archive, errno,