In the function merge_state_with_log(), memory is allocated for the variable next_nodes when creating a union of the variables table_nodes and log_nodes. However, if next_state->entrance_nodes is NULL, then table_nodes becomes NULL and we still allocate memory to copy the content of log_nodes. This can cause a resource leak since we only free the memory for next_nodes if table_nodes isn't NULL. To prevent this, we need to check that next_state->entrance_nodes isn't NULL before allocating memory for the union.
This issue was found by a Coverity Scan of GRUB2 under the following CID: CID: 473887 Signed-off-by: Alec Brown <[email protected]> --- lib/regexec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/regexec.c b/lib/regexec.c index c5ab9b6649..0d14ac35fe 100644 --- a/lib/regexec.c +++ b/lib/regexec.c @@ -2271,7 +2271,7 @@ merge_state_with_log (reg_errcode_t *err, re_match_context_t *mctx, these destinations and the results of the transition table. */ pstate = mctx->state_log[cur_idx]; log_nodes = pstate->entrance_nodes; - if (next_state != NULL) + if (next_state != NULL && next_state->entrance_nodes != NULL) { table_nodes = next_state->entrance_nodes; *err = re_node_set_init_union (&next_nodes, table_nodes, -- 2.43.5
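Review bot: the changed line `if (next_state != NULL && next_state->entrance_nodes != NULL)` now sends a non-NULL next_state whose entrance_nodes is NULL down the path that was previously taken only when next_state itself was NULL, and neither the hunk nor the commit message shows that this path leaves next_nodes with the same contents the union with log_nodes used to produce. Please say so in the commit message or in a short comment above the condition, so the fix can be checked as behaviour-preserving and not only as leak-free. Since the commit message locates the leak in the free being conditional on table_nodes, an alternative that leaves the control flow untouched would be to make that free depend on whether re_node_set_init_union was actually called.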
