From 160b4e86b497ad3b36ab7536d38095e592dfe698 Mon Sep 17 00:00:00 2001 From: ngie Date: Fri, 13 May 2016 09:52:39 +0000 Subject: [PATCH] MFC r298839: Fix memory allocation edgecases in kvm_argv(..) - Don't leak nbufp on realloc failure in kvm_argv - Catch malloc errors with bufp - Set buflen last in the "buflen == 0" case to ensure that bufp/nbufp is properly reallocated on the next go around git-svn-id: svn://svn.freebsd.org/base/stable/10@299651 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f --- lib/libkvm/kvm_proc.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/lib/libkvm/kvm_proc.c b/lib/libkvm/kvm_proc.c index 31258d7a0..f8e152e4b 100644 --- a/lib/libkvm/kvm_proc.c +++ b/lib/libkvm/kvm_proc.c @@ -642,6 +642,7 @@ kvm_argv(kvm_t *kd, const struct kinfo_proc *kp, int env, int nchr) static char *buf, *p; static char **bufp; static int argc; + char **nbufp; if (!ISALIVE(kd)) { _kvm_err(kd, kd->program, @@ -657,9 +658,15 @@ kvm_argv(kvm_t *kd, const struct kinfo_proc *kp, int env, int nchr) _kvm_err(kd, kd->program, "cannot allocate memory"); return (0); } - buflen = nchr; argc = 32; bufp = malloc(sizeof(char *) * argc); + if (bufp == NULL) { + free(buf); + buf = NULL; + _kvm_err(kd, kd->program, "cannot allocate memory"); + return (NULL); + } + buflen = nchr; } else if (nchr > buflen) { p = realloc(buf, nchr); if (p != NULL) { @@ -693,8 +700,10 @@ kvm_argv(kvm_t *kd, const struct kinfo_proc *kp, int env, int nchr) p += strlen(p) + 1; if (i >= argc) { argc += argc; - bufp = realloc(bufp, - sizeof(char *) * argc); + nbufp = realloc(bufp, sizeof(char *) * argc); + if (nbufp == NULL) + return (NULL); + bufp = nbufp; } } while (p < buf + bufsz); bufp[i++] = 0; -- 2.45.0