authorYang Tse <yangsita@gmail.com>2011-06-02 22:19:39 +0200
committerYang Tse <yangsita@gmail.com>2011-06-02 22:19:39 +0200
commitbf749bb2c56dd3fd63b1362c2e26beab600ef14c (patch)
tree4b2ec94d76a5b2caeb9e98037da0105938e645d9
parent65a9fa59dcb442a23a8e01cdd1ee86d03f0b6957 (diff)
downloadcurl-bf749bb2c56dd3fd63b1362c2e26beab600ef14c.tar.gz
urlglob: fix zero size malloc
-rw-r--r--src/urlglob.c24
1 files changed, 17 insertions, 7 deletions
diff --git a/src/urlglob.c b/src/urlglob.c
index 2bbadabb2..8dd77e136 100644
--- a/src/urlglob.c
+++ b/src/urlglob.c
@@ -70,8 +70,8 @@ static GlobCode glob_set(URLGlob *glob, char *pattern,
pat->type = UPTSet;
pat->content.Set.size = 0;
pat->content.Set.ptr_s = 0;
- /* FIXME: Here's a nasty zero size malloc */
- pat->content.Set.elements = malloc(0);
+ pat->content.Set.elements = NULL;
+
++glob->size;
while(!done) {
@@ -90,15 +90,23 @@ static GlobCode glob_set(URLGlob *glob, char *pattern,
case ',':
case '}': /* set element completed */
*buf = '\0';
- pat->content.Set.elements =
- realloc(pat->content.Set.elements,
- (pat->content.Set.size + 1) * sizeof(char*));
+ if(pat->content.Set.elements)
+ pat->content.Set.elements =
+ realloc(pat->content.Set.elements,
+ (pat->content.Set.size + 1) * sizeof(char*));
+ else
+ pat->content.Set.elements =
+ malloc((pat->content.Set.size + 1) * sizeof(char*));
if(!pat->content.Set.elements) {
snprintf(glob->errormsg, sizeof(glob->errormsg), "out of memory");
return GLOB_ERROR;
}
pat->content.Set.elements[pat->content.Set.size] =
strdup(glob->glob_buffer);
+ if(!pat->content.Set.elements[pat->content.Set.size]) {
+ snprintf(glob->errormsg, sizeof(glob->errormsg), "out of memory");
+ return GLOB_ERROR;
+ }
++pat->content.Set.size;
if(*pattern == '}') {
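Review bot: A failed realloc() in the `case ','` / `case '}'` branch still overwrites `pat->content.Set.elements` with NULL, so the previous array and every string already stored in it become unreachable. The guard this commit adds in glob_cleanup() then skips that set entirely, so the memory is leaked on the out-of-memory path. Assign the result to a temporary and store it only on success, so the old array stays reachable for cleanup when GLOB_ERROR is returned. The fence assumes `elements` is a `char **` and that `new_elements` is declared with glob_set's other locals, which lie outside the hunk.

```c
/* … unchanged: case labels and *buf = '\0' … */
if(pat->content.Set.elements)
  new_elements = realloc(pat->content.Set.elements,
                         (pat->content.Set.size + 1) * sizeof(char*));
else
  new_elements = malloc((pat->content.Set.size + 1) * sizeof(char*));
if(!new_elements) {
  /* old array and its strings are still owned by pat for glob_cleanup() */
  snprintf(glob->errormsg, sizeof(glob->errormsg), "out of memory");
  return GLOB_ERROR;
}
pat->content.Set.elements = new_elements;
/* … unchanged: strdup of glob_buffer and its NULL check … */
```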
@@ -363,11 +371,13 @@ void glob_cleanup(URLGlob* glob)
free(glob->literal[i/2]);
}
else { /* odd indexes contain sets or ranges */
- if(glob->pattern[i/2].type == UPTSet) {
+ if((glob->pattern[i/2].type == UPTSet) &&
+ (glob->pattern[i/2].content.Set.elements)) {
for(elem = glob->pattern[i/2].content.Set.size - 1;
elem >= 0;
--elem) {
- free(glob->pattern[i/2].content.Set.elements[elem]);
+ if(glob->pattern[i/2].content.Set.elements[elem])
+ free(glob->pattern[i/2].content.Set.elements[elem]);
}
free(glob->pattern[i/2].content.Set.elements);
}
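Review bot: The per-element test `if(glob->pattern[i/2].content.Set.elements[elem])` added before `free()` is redundant, because standard `free(NULL)` is a no-op; unless the project's allocator wrappers require it, the inner loop body can remain the single `free(...)` call. The outer `content.Set.elements` check is the one that matters, and it would benefit from a short comment such as `/* elements stays NULL until the first set element is stored */` so the reason for the guard is visible. glob_cleanup's loop starts and ends outside this hunk.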