authorEdward Welbourne <edward.welbourne@qt.io>2016-11-07 10:09:06 +0100
committerEdward Welbourne <edward.welbourne@qt.io>2016-11-23 15:02:15 +0000
commit0aa3de46cacacdb83efe1d5e5b2506560c93c9ff (patch)
tree87ad1e068b9652b15e068a47a35dfd8df4c90fa4 /src/corelib/json/qjsonparser_p.h
parenta4bd635b33d08a4b58fb4db8cefd1e0535fb95eb (diff)
Fix two leaky uses of realloc()
If it fails, we get NULL back but haven't free()d the old pointer; saving the NULL return over the old pointer forgets it, leaking the memory it pointed to. This is particularly severe in the JSON parser's grow(), where reading a very large JSON document can lead to the last successful realloc() in a doubling pattern being very large indeed; the subsequent failure will leak this very last allocation. Only worth checking for, however, when the subsequent code takes care to handle failure: in most cases, if realloc() fails, we're about to crash anyway. Change-Id: Icd3a503f169be224f0a058c58e8b7c82a3241ae7 Reviewed-by: Marc Mutz <marc.mutz@kdab.com> Reviewed-by: Anton Kudryavtsev <antkudr@mail.ru>
Diffstat (limited to 'src/corelib/json/qjsonparser_p.h')
-rw-r--r--src/corelib/json/qjsonparser_p.h5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/corelib/json/qjsonparser_p.h b/src/corelib/json/qjsonparser_p.h
index 82a7899a51..b17d75fb3a 100644
--- a/src/corelib/json/qjsonparser_p.h
+++ b/src/corelib/json/qjsonparser_p.h
@@ -101,11 +101,12 @@ private:
inline int reserveSpace(int space) {
if (current + space >= dataLength) {
dataLength = 2*dataLength + space;
- data = (char *)realloc(data, dataLength);
- if (!data) {
+ char *newData = (char *)realloc(data, dataLength);
+ if (!newData) {
lastError = QJsonParseError::DocumentTooLarge;
return -1;
}
+ data = newData;
}
int pos = current;
current += space;
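Review bot: `dataLength` is still updated before the realloc() on the line above the new `newData` declaration, so on the failure path the member now describes a buffer size the parser does not have while `data` (correctly kept alive by this change) still points at the old, smaller allocation; any later read of `dataLength` against that buffer would trust a bound that is too large. Since the point of the commit is to keep the object consistent when realloc() fails, the size should be committed together with the pointer: `int newLength = 2*dataLength + space;` before the call, `char *newData = (char *)realloc(data, newLength);`, and `dataLength = newLength;` immediately after `data = newData;`. Separately, `2*dataLength + space` and `current + space` are `int` arithmetic and can overflow for a sufficiently large document or `space` before the allocation is ever attempted; that is pre-existing and not introduced here, but a caller-visible bound check (or a wider type) would be worth a follow-up. reserveSpace's body continues past the end of the hunk.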