I did a more thorough search through dfa.c for potential heap allocation problems and found two more. This fixes them:
>From bfd71eeff179f1ddeaefb63860b58941ea95a14f Mon Sep 17 00:00:00 2001
From: Jim Meyering <[email protected]>
Date: Tue, 21 Jun 2011 10:14:45 +0200
Subject: [PATCH] dfa: more heap-allocation-related overflow protection
* src/dfa.c (enlist): Use xnrealloc, not realloc. Also, remove unnecessary cast-to-(char *). (dfamust): Use xnmalloc, not malloc. Before, this code would return upon malloc failure (xnmalloc exits upon failure), but later, via the *ALLOC macros, it could already exit, so this new potential exit point is nothing new. The same applies to enlist, since it is called only through dfamust.
---
 src/dfa.c | 8 ++------
 1 files changed, 2 insertions(+), 6 deletions(-)
diff --git a/src/dfa.c b/src/dfa.c
index 0fc6c55..10825f7 100644
--- a/src/dfa.c
+++ b/src/dfa.c
@@ -3712,9 +3712,7 @@ enlist (char **cpp, char *new, size_t len)
 cpp[i] = NULL;
 }
 /* Add the new string. */
- cpp = realloc((char *) cpp, (i + 2) * sizeof *cpp);
- if (cpp == NULL)
- return NULL;
+ cpp = xnrealloc(cpp, i + 2, sizeof *cpp);
 cpp[i] = new;
 cpp[i + 1] = NULL;
 return cpp;
@@ -3839,9 +3837,7 @@ dfamust (struct dfa *d)
 result = empty_string;
 exact = 0;
- musts = malloc((d->tindex + 1) * sizeof *musts);
- if (musts == NULL)
- return;
+ musts = xnmalloc(d->tindex + 1, sizeof *musts);
 mp = musts;
 for (i = 0; i <= d->tindex; ++i)
 mp[i] = must0;
--
1.7.6.rc2.295.gb63f3
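Review bot: In the enlist hunk, `xnrealloc(cpp, i + 2, sizeof *cpp)` checks only the count-times-size multiplication; the `i + 2` addition is evaluated before the call, and the same holds for `d->tindex + 1` in the dfamust hunk. Neither sum looks able to wrap in practice, since the list entries and tokens being counted presumably already exist in memory, but that invariant is what makes the new overflow protection complete and it is not stated anywhere in the visible lines. I would add a comment above the call such as `/* i + 2 cannot wrap: the i existing entries are already allocated. */`, with an equivalent one at the xnmalloc call. enlist begins above this hunk, so how i is bounded is not visible here.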
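Review bot: The xnmalloc call in dfamust carries no comment recording that this allocation now terminates the process on failure or size overflow, where the removed lines returned quietly and left the must computation undone. The commit message explains why that is acceptable, but a reader of the file will not see it, and it matters to any caller that compiles patterns it does not control. A one-line comment at the call, for example `/* xnmalloc exits on failure, as the *ALLOC macros used later already do. */`, would keep the reasoning with the code. The declaration of `d->tindex` is outside the hunk; if it is a signed field, the conversion of `d->tindex + 1` to the size_t count is worth confirming as well. dfamust's body starts and ends outside this hunk.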
