From: Fabian Keil Date: Fri, 14 Nov 2014 10:40:10 +0000 (+0000) Subject: pcrs_execute(): Consistently set *result to NULL in case of errors X-Git-Tag: v_3_0_22~13 X-Git-Url: http://www.privoxy.org/gitweb/%22https:/developer-manual/faq/user-manual/static/%3C?a=commitdiff_plain;h=26cfec65118d8c0ea77df6982eb7454856cdae98;p=privoxy.git pcrs_execute(): Consistently set *result to NULL in case of errors Should make use-after-free in the caller less likely. CID 66391, CID 66376. --- diff --git a/pcrs.c b/pcrs.c index 29fb78d2..d90b87c4 100644 --- a/pcrs.c +++ b/pcrs.c @@ -1,4 +1,4 @@ -const char pcrs_rcs[] = "$Id: pcrs.c,v 1.44 2014/10/18 11:25:24 fabiankeil Exp $"; +const char pcrs_rcs[] = "$Id: pcrs.c,v 1.45 2014/10/18 11:27:04 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/pcrs.c,v $ @@ -725,7 +725,7 @@ int pcrs_execute_list(pcrs_job *joblist, char *subject, size_t subject_length, c * 1 : job = the pcrs_job to be executed * 2 : subject = the subject (== original) string * 3 : subject_length = the subject's length - * 4 : result = char** for returning the result + * 4 : result = char** for returning the result (NULL on error) * 5 : result_length = size_t* for returning the result's length * * Returns : On success, the number of substitutions that were made. @@ -747,19 +747,18 @@ int pcrs_execute(pcrs_job *job, const char *subject, size_t subject_length, char char *result_offset; offset = i = 0; + *result = NULL; /* * Sanity check & memory allocation */ if (job == NULL || job->pattern == NULL || job->substitute == NULL || NULL == subject) { - *result = NULL; return(PCRS_ERR_BADJOB); } if (NULL == (matches = (pcrs_match *)malloc((size_t)max_matches * sizeof(pcrs_match)))) { - *result = NULL; return(PCRS_ERR_NOMEM); } memset(matches, '\0', (size_t)max_matches * sizeof(pcrs_match)); @@ -806,7 +805,6 @@ int pcrs_execute(pcrs_job *job, const char *subject, size_t subject_length, char if (NULL == (dummy = (pcrs_match *)realloc(matches, (size_t)max_matches * sizeof(pcrs_match)))) { free(matches); - *result = NULL; return(PCRS_ERR_NOMEM); } matches = dummy;