Commit c6ab0790 authored by Pierangelo Masarati's avatar Pierangelo Masarati
Browse files

don't leak if realloc fails (ITS#4477); s/new/newptr/

parent 721e1c87
...@@ -128,7 +128,11 @@ slap_sl_mem_create( ...@@ -128,7 +128,11 @@ slap_sl_mem_create(
(void *)sh, slap_sl_mem_destroy); (void *)sh, slap_sl_mem_destroy);
#endif #endif
} else if ( size > (char *)sh->sh_end - (char *)sh->sh_base ) { } else if ( size > (char *)sh->sh_end - (char *)sh->sh_base ) {
sh->sh_base = ch_realloc(sh->sh_base, size); void *newptr;
newptr = ch_realloc( sh->sh_base, size );
if ( newptr == NULL ) return NULL;
sh->sh_base = newptr;
} }
sh->sh_last = sh->sh_base; sh->sh_last = sh->sh_base;
sh->sh_end = (char *) sh->sh_base + size; sh->sh_end = (char *) sh->sh_base + size;
...@@ -185,7 +189,11 @@ slap_sl_mem_create( ...@@ -185,7 +189,11 @@ slap_sl_mem_create(
} }
if (size > (char *)sh->sh_end - (char *)sh->sh_base) { if (size > (char *)sh->sh_end - (char *)sh->sh_base) {
sh->sh_base = realloc(sh->sh_base, size); void *newptr;
newptr = realloc( sh->sh_base, size );
if ( newptr == NULL ) return NULL;
sh->sh_base = newptr;
} }
} }
sh->sh_end = (char *)sh->sh_base + size; sh->sh_end = (char *)sh->sh_base + size;
...@@ -249,7 +257,7 @@ slap_sl_malloc( ...@@ -249,7 +257,7 @@ slap_sl_malloc(
int pad = 2*sizeof(int)-1, pad_shift; int pad = 2*sizeof(int)-1, pad_shift;
int order = -1, order_start = -1; int order = -1, order_start = -1;
struct slab_object *so_new, *so_left, *so_right; struct slab_object *so_new, *so_left, *so_right;
ber_len_t *ptr, *new; ber_len_t *ptr, *newptr;
unsigned long diff; unsigned long diff;
int i, j; int i, j;
...@@ -267,10 +275,10 @@ slap_sl_malloc( ...@@ -267,10 +275,10 @@ slap_sl_malloc(
(long)size, 0, 0); (long)size, 0, 0);
return ch_malloc(size); return ch_malloc(size);
} }
new = sh->sh_last; newptr = sh->sh_last;
*new++ = size - sizeof(ber_len_t); *newptr++ = size - sizeof(ber_len_t);
sh->sh_last = (char *) sh->sh_last + size; sh->sh_last = (char *) sh->sh_last + size;
return( (void *)new ); return( (void *)newptr );
} else { } else {
size_shift = size - 1; size_shift = size - 1;
do { do {
...@@ -338,13 +346,13 @@ slap_sl_malloc( ...@@ -338,13 +346,13 @@ slap_sl_malloc(
void * void *
slap_sl_calloc( ber_len_t n, ber_len_t size, void *ctx ) slap_sl_calloc( ber_len_t n, ber_len_t size, void *ctx )
{ {
void *new; void *newptr;
new = slap_sl_malloc( n*size, ctx ); newptr = slap_sl_malloc( n*size, ctx );
if ( new ) { if ( newptr ) {
memset( new, 0, n*size ); memset( newptr, 0, n*size );
} }
return new; return newptr;
} }
void * void *
...@@ -352,7 +360,7 @@ slap_sl_realloc(void *ptr, ber_len_t size, void *ctx) ...@@ -352,7 +360,7 @@ slap_sl_realloc(void *ptr, ber_len_t size, void *ctx)
{ {
struct slab_heap *sh = ctx; struct slab_heap *sh = ctx;
int pad = 2*sizeof(int) -1; int pad = 2*sizeof(int) -1;
ber_len_t *p = (ber_len_t *)ptr, *new; ber_len_t *p = (ber_len_t *)ptr, *newptr;
if (ptr == NULL) if (ptr == NULL)
return slap_sl_malloc(size, ctx); return slap_sl_malloc(size, ctx);
...@@ -360,9 +368,9 @@ slap_sl_realloc(void *ptr, ber_len_t size, void *ctx) ...@@ -360,9 +368,9 @@ slap_sl_realloc(void *ptr, ber_len_t size, void *ctx)
/* Not our memory? */ /* Not our memory? */
if (!sh || ptr < sh->sh_base || ptr >= sh->sh_end) { if (!sh || ptr < sh->sh_base || ptr >= sh->sh_end) {
/* duplicate of realloc behavior, oh well */ /* duplicate of realloc behavior, oh well */
new = ber_memrealloc_x(ptr, size, NULL); newptr = ber_memrealloc_x(ptr, size, NULL);
if (new) { if (newptr) {
return new; return newptr;
} }
Debug(LDAP_DEBUG_ANY, "ch_realloc of %lu bytes failed\n", Debug(LDAP_DEBUG_ANY, "ch_realloc of %lu bytes failed\n",
(long) size, 0, 0); (long) size, 0, 0);
...@@ -382,31 +390,32 @@ slap_sl_realloc(void *ptr, ber_len_t size, void *ctx) ...@@ -382,31 +390,32 @@ slap_sl_realloc(void *ptr, ber_len_t size, void *ctx)
/* Never shrink blocks */ /* Never shrink blocks */
if (size <= p[-1]) { if (size <= p[-1]) {
new = p; newptr = p;
/* If reallocing the last block, we can grow it */ /* If reallocing the last block, we can grow it */
} else if ((char *)ptr + p[-1] == sh->sh_last && } else if ((char *)ptr + p[-1] == sh->sh_last &&
(char *)ptr + size < (char *)sh->sh_end ) { (char *)ptr + size < (char *)sh->sh_end ) {
new = p; newptr = p;
sh->sh_last = (char *)sh->sh_last + size - p[-1]; sh->sh_last = (char *)sh->sh_last + size - p[-1];
p[-1] = size; p[-1] = size;
/* Nowhere to grow, need to alloc and copy */ /* Nowhere to grow, need to alloc and copy */
} else { } else {
new = slap_sl_malloc(size, ctx); newptr = slap_sl_malloc(size, ctx);
AC_MEMCPY(new, ptr, p[-1]); AC_MEMCPY(newptr, ptr, p[-1]);
} }
return new; return newptr;
} else { } else {
void *newptr; void *newptr2;
newptr = slap_sl_malloc(size, ctx);
newptr2 = slap_sl_malloc(size, ctx);
if (size < p[-1]) { if (size < p[-1]) {
AC_MEMCPY(newptr, ptr, size); AC_MEMCPY(newptr2, ptr, size);
} else { } else {
AC_MEMCPY(newptr, ptr, p[-1]); AC_MEMCPY(newptr2, ptr, p[-1]);
} }
slap_sl_free(ptr, ctx); slap_sl_free(ptr, ctx);
return newptr; return newptr2;
} }
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment