From 160c02c8071b8948231a229ec6247cf0792c389a Mon Sep 17 00:00:00 2001
From: Filip Krska <fkrska@redhat.com>
Date: Tue, 20 Oct 2015 18:25:38 +0200
Subject: [PATCH 1/2] lex.c: fix malloc() signal leak in lexsave()

The bug appears not to affect upstream master, where the function

lexsave(void)
 ... 1x malloc, 1x zalloc

was rewritten to

lex_context_save(struct lex_stack *ls, int toplevel)
  ... no *alloc at all

Recheck of any possible malloc() signal leaks in current RHEL 6 zsh code needed.
---
 Src/lex.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Src/lex.c b/Src/lex.c
index 33f6430..0c7f539 100644
--- a/Src/lex.c
+++ b/Src/lex.c
@@ -264,7 +264,7 @@ lexsave_partial(int parts)
 {
     struct lexstack *ls;
 
-    ls = (struct lexstack *)malloc(sizeof(struct lexstack));
+    ls = (struct lexstack *)zalloc(sizeof(struct lexstack));
 
     if (parts & ZCONTEXT_LEX) {
 	ls->incmdpos = incmdpos;
-- 
2.5.2


From 861e4cd5f8ba169f5f63ca1efffdc8ebac5a3d61 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Tue, 20 Oct 2015 18:27:15 +0200
Subject: [PATCH 2/2] mem.c: queue signals while calling malloc() in realloc()

Bug: https://bugzilla.redhat.com/1267903#c6
---
 Src/mem.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/Src/mem.c b/Src/mem.c
index 9492a60..75622c6 100644
--- a/Src/mem.c
+++ b/Src/mem.c
@@ -1513,8 +1513,13 @@ realloc(MALLOC_RET_T p, MALLOC_ARG_T size)
     int i, l = 0;
 
     /* some system..., see above */
-    if (!p && size)
-	return (MALLOC_RET_T) malloc(size);
+    if (!p && size) {
+	queue_signals();
+	r = malloc(size);
+	unqueue_signals();
+	return (MALLOC_RET_T) r;
+    }
+
     /* and some systems even do this... */
     if (!p || !size)
 	return (MALLOC_RET_T) p;
-- 
2.5.2