From 2facd747b6bbcd3716841e6213b7b9e9b94c556a Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Fri, 6 Dec 2019 17:31:16 +0100 Subject: [PATCH] chain: Correctly check realloc() call Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1778952 Upstream Status: libnftnl commit d95a703746d53 commit d95a703746d5394d56a9f464e343594e4882da0d Author: Phil Sutter Date: Mon Dec 2 23:12:34 2019 +0100 chain: Correctly check realloc() call If realloc() fails, it returns NULL but the original pointer is untouchted and therefore still has to be freed. Unconditionally overwriting the old pointer is therefore a bad idea, use a temporary variable instead. Fixes: e3ac19b5ec162 ("chain: multi-device support") Signed-off-by: Phil Sutter Acked-by: Pablo Neira Ayuso --- src/chain.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/src/chain.c b/src/chain.c index 9cc8735..b9a16fc 100644 --- a/src/chain.c +++ b/src/chain.c @@ -605,7 +605,7 @@ static int nftnl_chain_parse_hook_cb(const struct nlattr *attr, void *data) static int nftnl_chain_parse_devs(struct nlattr *nest, struct nftnl_chain *c) { - const char **dev_array; + const char **dev_array, **tmp; int len = 0, size = 8; struct nlattr *attr; @@ -618,14 +618,13 @@ static int nftnl_chain_parse_devs(struct nlattr *nest, struct nftnl_chain *c) goto err; dev_array[len++] = strdup(mnl_attr_get_str(attr)); if (len >= size) { - dev_array = realloc(dev_array, - size * 2 * sizeof(char *)); - if (!dev_array) + tmp = realloc(dev_array, size * 2 * sizeof(char *)); + if (!tmp) goto err; size *= 2; - memset(&dev_array[len], 0, - (size - len) * sizeof(char *)); + memset(&tmp[len], 0, (size - len) * sizeof(char *)); + dev_array = tmp; } } -- 1.8.3.1