author | Edward Welbourne <edward.welbourne@qt.io> | 2016-11-07 10:09:06 +0100 |
---|---|---|
committer | Edward Welbourne <edward.welbourne@qt.io> | 2016-11-23 15:02:15 +0000 |
commit | 0aa3de46cacacdb83efe1d5e5b2506560c93c9ff (patch) | |
tree | 87ad1e068b9652b15e068a47a35dfd8df4c90fa4 /src/corelib/json/qjsonparser_p.h | |
parent | a4bd635b33d08a4b58fb4db8cefd1e0535fb95eb (diff) |
Fix two leaky uses of realloc()
If it fails, we get NULL back but haven't free()d the old pointer;
saving the NULL return over the old pointer forgets it, leaking the
memory it pointed to. This is particularly severe in the JSON
parser's grow(), where reading a very large JSON document can lead to
the last successful realloc() in a doubling pattern being very large
indeed; the subsequent failure will leak this very last allocation.
Only worth checking for, however, when the subsequent code takes care
to handle failure: in most cases, if realloc() fails, we're about to
crash anyway.
Change-Id: Icd3a503f169be224f0a058c58e8b7c82a3241ae7
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
Reviewed-by: Anton Kudryavtsev <antkudr@mail.ru>
Diffstat (limited to 'src/corelib/json/qjsonparser_p.h')
-rw-r--r-- | src/corelib/json/qjsonparser_p.h | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/corelib/json/qjsonparser_p.h b/src/corelib/json/qjsonparser_p.h index 82a7899a51..b17d75fb3a 100644 --- a/src/corelib/json/qjsonparser_p.h +++ b/src/corelib/json/qjsonparser_p.h @@ -101,11 +101,12 @@ private: inline int reserveSpace(int space) { if (current + space >= dataLength) { dataLength = 2*dataLength + space; - data = (char *)realloc(data, dataLength); - if (!data) { + char *newData = (char *)realloc(data, dataLength); + if (!newData) { lastError = QJsonParseError::DocumentTooLarge; return -1; } + data = newData; } int pos = current; current += space; |
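Review bot: in this hunk `dataLength = 2*dataLength + space;` is still assigned before the realloc() result is known, so on the failure path `dataLength` now overstates the buffer that `data` (correctly left pointing at the old allocation) actually owns; any later use of `dataLength` against that buffer would then be inconsistent with its real size. Suggest computing the new size into a local, e.g. `int newLength = 2*dataLength + space;`, passing `newLength` to realloc(), and committing both `data = newData;` and `dataLength = newLength;` together after the null check, so a DocumentTooLarge failure leaves the object's state exactly as it was before the call.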