core: Fix realloc() memory leak in packet reassembly
If realloc() returns NULL then the provided memory is not freed and we
then leak it by overwriting the pointer that would allow us to free it.
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: Idd093e007c264ae1bd6d40110eb4bd205336c224
diff --git a/core.c b/core.c
index e7f5689..52961fd 100644
--- a/core.c
+++ b/core.c
@@ -201,6 +201,7 @@
if (ctx->buf_size + len > ctx->buf_alloc_size) {
size_t new_alloc_size;
+ void *lbuf;
/* @todo: finer-grained allocation, size limits */
if (!ctx->buf_alloc_size) {
@@ -208,8 +209,15 @@
} else {
new_alloc_size = ctx->buf_alloc_size * 2;
}
- ctx->buf = __mctp_realloc(ctx->buf, new_alloc_size);
- ctx->buf_alloc_size = new_alloc_size;
+
+ lbuf = __mctp_realloc(ctx->buf, new_alloc_size);
+ if (lbuf) {
+ ctx->buf = lbuf;
+ ctx->buf_alloc_size = new_alloc_size;
+ } else {
+ __mctp_free(ctx->buf);
+ return -1;
+ }
}
memcpy(ctx->buf + ctx->buf_size, mctp_pktbuf_data(pkt), len);
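Review bot: The failure branch calls `__mctp_free(ctx->buf)` but leaves `ctx->buf`, `ctx->buf_alloc_size` and `ctx->buf_size` untouched, so the context still points at freed memory when the function returns -1. If any caller keeps or recycles the context after this error (the callers are outside the hunk, so this needs confirming), the next packet would pass the stale pointer to `__mctp_realloc` or `memcpy`, giving a double free or use-after-free on a path fed by incoming packets. I would reset the state in the else branch before returning: `ctx->buf = NULL; ctx->buf_alloc_size = 0; ctx->buf_size = 0;`. Separately, the single doubling is never compared with `ctx->buf_size + len`, so the `memcpy` after the block relies on `len` staying within the growth step; an explicit check would resolve the existing `@todo` about size limits. The enclosing function starts and ends outside the hunk.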