| Subject: | Missing sanity check for malloc() in const2perl.h (CPAN) |
| Date: | Fri, 4 Sep 2015 10:03:32 -0700 |
| To: | bug-Win32API-File [...] rt.cpan.org |
| From: | Bill Parker <wp02855 [...] gmail.com> |
Hello All,
I'm not sure if this is the correct forum to post this, but
here goes anyways :). In reviewing source code in perl-5.22.0,
in directory 'perl-5.22.0/cpan/Win32API-File', file
'const2perl.h', I found a couple of calls to malloc() which are
not checked for a return value of NULL, indicating failure.
The patch file below should address/correct these issues:
--- const2perl.h.orig 2015-09-03 18:03:43.161000000 -0700
+++ const2perl.h 2015-09-03 18:09:24.673000000 -0700
@@ -90,6 +90,11 @@
SV **pSv= hv_fetch( mHvStash, "EXPORT_FAIL", 11, TRUE );
GV *gv;
char *sVarName= (char *) malloc( 15+strlen(sModName) );
+ if ( NULL == sVarName ) {
+ fprintf( stderr, "Can't allocate %"UVuf"-byte buffer (errno=%d)\n",
+ U_V(lLen), _errno );
+ exit ( 1 );
+ }
strcpy( sVarName, sModName );
strcat( sVarName, "::EXPORT_FAIL" );
gv= gv_fetchpv( sVarName, 1, SVt_PVAV );
@@ -152,6 +157,11 @@
SV *mpSvNew; \
{ char *sVarName= malloc( 15+strlen(sModName) ); \
GV *gv; \
+ if ( NULL == sVarName ) { \
+ fprintf( stderr, "Can't allocate %"UVuf"-byte buffer
(errno=%d)\n", \
+ U_V(lLen), _errno ); \
+ exit ( 1 ); \
+ } \
strcpy( sVarName, sModName ); \
strcat( sVarName, "::EXPORT_FAIL" ); \
gv= gv_fetchpv( sVarName, 1, SVt_PVAV ); \
I am attaching the patch file to this bug report...
Questions, Comments, Suggestions, Complaints? :)
Bill Parker (wp02855 at gmail dot com)
Message body is not shown because sender requested not to inline it.