From: Ammar Faizi <ammarfaizi2@xxxxxxxxxxx>
We need to use a temporary variable when calling `realloc()`. If we do:
ptr = realloc(ptr, new_size);
the `ptr` will be NULL when the `realloc()` hits ENOMEM and the old
pointer will be leaked. This fixes several places that do the above
`realloc()` call.
Signed-off-by: Ammar Faizi <ammarfaizi2@xxxxxxxxxxx>
---
client.c | 24 ++++++++++++++++++++----
1 file changed, 20 insertions(+), 4 deletions(-)
diff --git a/client.c b/client.c
index 605a3ce5..c93c90eb 100644
--- a/client.c
+++ b/client.c
@@ -338,9 +338,16 @@ static void __fio_client_add_cmd_option(struct fio_client *client,
const char *opt)
{
int index;
+ void *tmp;
index = client->argc++;
- client->argv = realloc(client->argv, sizeof(char *) * client->argc);
+ tmp = realloc(client->argv, sizeof(char *) * client->argc);
+ if (!tmp) {
+ log_err("fio: cannot reallocate client->argv in %s\n", __func__);
+ return;
+ }
+
+ client->argv = tmp;
client->argv[index] = strdup(opt);
dprint(FD_NET, "client: add cmd %d: %s\n", index, opt);
}
@@ -1535,12 +1542,17 @@ static void handle_start(struct fio_client *client, struct fio_net_cmd *cmd)
client->nr_stat = le32_to_cpu(pdu->stat_outputs);
if (client->jobs) {
+ void *tmp;
int i;
- if (client->opt_lists)
+ tmp = realloc(client->opt_lists,
+ client->jobs * sizeof(struct flist_head));
+ if (!tmp) {
free(client->opt_lists);
+ return;
+ }
+ client->opt_lists = tmp;
- client->opt_lists = malloc(client->jobs * sizeof(struct flist_head));
for (i = 0; i < client->jobs; i++)
INIT_FLIST_HEAD(&client->opt_lists[i]);
}
@@ -1750,7 +1762,11 @@ fail:
}
size += sb.st_size;
- rep = realloc(rep, size);
+ tmp = realloc(rep, size);
+ if (!tmp)
+ goto fail;
+
+ rep = tmp;
rep->size = cpu_to_le32((uint32_t) sb.st_size);
fd = open((char *)pdu->path, O_RDONLY);
--
Ammar Faizi
