From 160c02c8071b8948231a229ec6247cf0792c389a Mon Sep 17 00:00:00 2001
From: Filip Krska
Date: Tue, 20 Oct 2015 18:25:38 +0200
Subject: [PATCH 1/2] lex.c: fix malloc() signal leak in lexsave()

The bug appears not to affect upstream master, where the function lexsave(void) ... 1x malloc, 1x zalloc was rewritten to lex_context_save(struct lex_stack *ls, int toplevel) ... no *alloc at all Recheck of any possible malloc() signal leaks in current RHEL 6 zsh code needed.
---
 Src/lex.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Src/lex.c b/Src/lex.c
index 33f6430..0c7f539 100644
--- a/Src/lex.c
+++ b/Src/lex.c
@@ -264,7 +264,7 @@ lexsave_partial(int parts)
 {
 struct lexstack *ls;
- ls = (struct lexstack *)malloc(sizeof(struct lexstack));
+ ls = (struct lexstack *)zalloc(sizeof(struct lexstack));
 if (parts & ZCONTEXT_LEX) {
 ls->incmdpos = incmdpos;
--
2.5.2
From 861e4cd5f8ba169f5f63ca1efffdc8ebac5a3d61 Mon Sep 17 00:00:00 2001
From: Kamil Dudka
Date: Tue, 20 Oct 2015 18:27:15 +0200
Subject: [PATCH 2/2] mem.c: queue signals while calling malloc() in realloc()

Bug: https://bugzilla.redhat.com/1267903#c6
---
 Src/mem.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/Src/mem.c b/Src/mem.c
index 9492a60..75622c6 100644
--- a/Src/mem.c
+++ b/Src/mem.c
@@ -1513,8 +1513,13 @@ realloc(MALLOC_RET_T p, MALLOC_ARG_T size)
 int i, l = 0;
 /* some system..., see above */
- if (!p && size)
- return (MALLOC_RET_T) malloc(size);
+ if (!p && size) {
+ queue_signals();
+ r = malloc(size);
+ unqueue_signals();
+ return (MALLOC_RET_T) r;
+ }
+
 /* and some systems even do this... */
 if (!p || !size)
 return (MALLOC_RET_T) p;
--
2.5.2
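Review bot: The release side of this allocation is not visible in the hunk: if the matching restore path hands `ls` to plain `free()`, a trap handler that fires during that call could re-enter the allocator just as the old `malloc()` here could, so the pairing should be checked (the commit message itself asks for a wider recheck). `zalloc()` does not zero the block, and the visible code fills the fields only under `parts & ZCONTEXT_LEX` (and presumably similar branches further down), so the restore side must read only the fields covered by the same `parts` mask. A short comment above the call would keep a raw call from coming back, e.g. `/* zalloc() queues signals around malloc(); do not call malloc() directly here */`. The body of lexsave_partial continues past the end of the hunk.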
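Review bot: Only the `!p && size` shortcut is wrapped in `queue_signals()`/`unqueue_signals()` here; the resize path further down in `realloc()`, which lies outside the hunk, presumably also allocates and frees and should be confirmed to run with signals queued. `r` is assigned but not declared in the visible lines, so its type and the `(MALLOC_RET_T)` cast depend on a declaration above the hunk. The existing comment `/* some system..., see above */` says nothing about the signal handling; I would add `/* queue signals so a trap handler cannot re-enter the allocator while malloc() is running */` above `queue_signals();`.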