Skip Menu |
 

This queue is for tickets about the Win32API-File CPAN distribution.

Report information
The Basics
Id: 106883
Status: new
Priority: 0/
Queue: Win32API-File

People
Owner: Nobody in particular
Requestors: wp02855 [...] gmail.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Missing sanity check for malloc() in const2perl.h (CPAN)
Date: Fri, 4 Sep 2015 10:03:32 -0700
To: bug-Win32API-File [...] rt.cpan.org
From: Bill Parker <wp02855 [...] gmail.com>
Download (untitled) / with headers
text/plain 1.6k
Hello All, I'm not sure if this is the correct forum to post this, but here goes anyways :). In reviewing source code in perl-5.22.0, in directory 'perl-5.22.0/cpan/Win32API-File', file 'const2perl.h', I found a couple of calls to malloc() which are not checked for a return value of NULL, indicating failure. The patch file below should address/correct these issues: --- const2perl.h.orig 2015-09-03 18:03:43.161000000 -0700 +++ const2perl.h 2015-09-03 18:09:24.673000000 -0700 @@ -90,6 +90,11 @@ SV **pSv= hv_fetch( mHvStash, "EXPORT_FAIL", 11, TRUE ); GV *gv; char *sVarName= (char *) malloc( 15+strlen(sModName) ); + if ( NULL == sVarName ) { + fprintf( stderr, "Can't allocate %"UVuf"-byte buffer (errno=%d)\n", + U_V(lLen), _errno ); + exit ( 1 ); + } strcpy( sVarName, sModName ); strcat( sVarName, "::EXPORT_FAIL" ); gv= gv_fetchpv( sVarName, 1, SVt_PVAV ); @@ -152,6 +157,11 @@ SV *mpSvNew; \ { char *sVarName= malloc( 15+strlen(sModName) ); \ GV *gv; \ + if ( NULL == sVarName ) { \ + fprintf( stderr, "Can't allocate %"UVuf"-byte buffer (errno=%d)\n", \ + U_V(lLen), _errno ); \ + exit ( 1 ); \ + } \ strcpy( sVarName, sModName ); \ strcat( sVarName, "::EXPORT_FAIL" ); \ gv= gv_fetchpv( sVarName, 1, SVt_PVAV ); \ I am attaching the patch file to this bug report... Questions, Comments, Suggestions, Complaints? :) Bill Parker (wp02855 at gmail dot com)
Download const2perl.h.patch
text/x-diff 965b

Message body is not shown because sender requested not to inline it.



This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.