From 13ad22b4bc75feb71cefc6b9c0c9cb81ff8c73c4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?=
Date: Mon, 5 Aug 2024 13:35:03 +0300
Subject: [PATCH] Check return value of vasprintf()
With glibc, on allocation failure it doesn't set the pointer to NULL but instead conveniently leaves it undefined. The BSD version is defined in a better way and sets the pointer to NULL to avoid further footguns. Simply abort() on allocation failure. In the other code paths where malloc() is used, allocation failures are not checked like everywhere else in orc but it is assumed that dereferencing a NULL pointer simply crashes the process. Technically this is of course still undefined behaviour.
Part-of:
---
orc/orccompiler.c | 3 ++-
orc/orcparse.c | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/orc/orccompiler.c b/orc/orccompiler.c
index 617ae295..3bc7da61 100644
--- a/orc/orccompiler.c
+++ b/orc/orccompiler.c
@@ -1490,7 +1490,8 @@ orc_compiler_error_valist (OrcCompiler *compiler, const char *fmt,
 if (compiler->error_msg) return;
 #ifdef HAVE_VASPRINTF
- vasprintf (&s, fmt, args);
+ if (vasprintf (&s, fmt, args) < 0)
+ ORC_ASSERT (0);
 #elif defined(_UCRT)
 s = malloc (ORC_COMPILER_ERROR_BUFFER_SIZE);
 vsnprintf_s (s, ORC_COMPILER_ERROR_BUFFER_SIZE, _TRUNCATE, fmt, args);
diff --git a/orc/orcparse.c b/orc/orcparse.c
index abeb9f59..aa91395e 100644
--- a/orc/orcparse.c
+++ b/orc/orcparse.c
@@ -430,7 +430,8 @@ orc_parse_add_error_valist (OrcParser *parser, const char *format, va_list args)
 #ifdef HAVE_VASPRINTF
 char *text = NULL;
- vasprintf (&text, format, args);
+ if (vasprintf (&text, format, args) < 0)
+ ORC_ASSERT (0);
 #elif defined(_UCRT)
 char text[ORC_ERROR_LENGTH] = { '\0' };
 vsnprintf_s (text, ORC_ERROR_LENGTH, _TRUNCATE, format, args);
-- GitLab
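Review bot: In orc_compiler_error_valist (orc/orccompiler.c) the new failure branch relies entirely on `ORC_ASSERT (0)` to stop execution, and the same pattern is repeated in orc_parse_add_error_valist (orc/orcparse.c). The macro's definition is not part of this patch, so if it can be compiled out or ever returns, `s` / `text` would presumably be consumed afterwards with the undefined value glibc leaves behind. Resetting the pointer before asserting keeps that path defined, e.g. `if (vasprintf (&s, fmt, args) < 0) { s = NULL; ORC_ASSERT (0); }`, or call `abort ();` directly as the commit message describes. A short comment such as `/* glibc leaves the pointer undefined on failure */` would also record why the result is checked, since a failed assertion on the constant 0 says nothing about the cause. Both function bodies start and end outside their hunks, so how the pointer is used later is not visible here.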