diff options
author | Patrick Steinhardt <ps@pks.im> | 2019-08-08 11:34:01 +0200 |
---|---|---|
committer | Patrick Steinhardt <ps@pks.im> | 2019-08-23 12:54:01 +0200 |
commit | f3b3e543bc4eb3990cba4a331c5ec96a9835a8df (patch) | |
tree | 060830774b92ba782b1ad711b74d050973d5ced6 | |
parent | c2dd895a8df51d0a012e7780380f46bd60dde432 (diff) | |
download | libgit2-f3b3e543bc4eb3990cba4a331c5ec96a9835a8df.tar.gz |
xdiff: catch memory allocation errors
The xdiff code contains multiple call sites where the results of
`xdl_malloc` are not being checked for memory allocation errors.
Add checks to fix possible segfaults due to `NULL` pointer accesses.
-rw-r--r-- | src/xdiff/xmerge.c | 12 | ||||
-rw-r--r-- | src/xdiff/xpatience.c | 3 |
2 files changed, 15 insertions, 0 deletions
diff --git a/src/xdiff/xmerge.c b/src/xdiff/xmerge.c index e6eaf24b5..278cbe124 100644 --- a/src/xdiff/xmerge.c +++ b/src/xdiff/xmerge.c @@ -717,10 +717,22 @@ int xdl_merge(mmfile_t *orig, mmfile_t *mf1, mmfile_t *mf2, status = 0; if (!xscr1) { result->ptr = xdl_malloc(mf2->size); + if (!result->ptr) { + xdl_free_script(xscr2); + xdl_free_env(&xe1); + xdl_free_env(&xe2); + return -1; + } memcpy(result->ptr, mf2->ptr, mf2->size); result->size = mf2->size; } else if (!xscr2) { result->ptr = xdl_malloc(mf1->size); + if (!result->ptr) { + xdl_free_script(xscr1); + xdl_free_env(&xe1); + xdl_free_env(&xe2); + return -1; + } memcpy(result->ptr, mf1->ptr, mf1->size); result->size = mf1->size; } else { diff --git a/src/xdiff/xpatience.c b/src/xdiff/xpatience.c index cedf39cc3..53b7d5fd1 100644 --- a/src/xdiff/xpatience.c +++ b/src/xdiff/xpatience.c @@ -217,6 +217,9 @@ static struct entry *find_longest_common_sequence(struct hashmap *map) */ int anchor_i = -1; + if (!sequence) + return NULL; + for (entry = map->first; entry; entry = entry->next) { if (!entry->line2 || entry->line2 == NON_UNIQUE) continue; |