From 0aa3de46cacacdb83efe1d5e5b2506560c93c9ff Mon Sep 17 00:00:00 2001
From: Edward Welbourne <edward.welbourne@qt.io>
Date: Mon, 7 Nov 2016 10:09:06 +0100
Subject: Fix two leaky uses of realloc()

If it fails, we get NULL back but haven't free()d the old pointer;
saving the NULL return over the old pointer forgets it, leaking the
memory it pointed to.  This is particularly severe in the JSON
parser's grow(), where reading a very large JSON document can lead to
the last successful realloc() in a doubling pattern being very large
indeed; the subsequent failure will leak this very last allocation.

Only worth checking for, however, when the subsequent code takes care
to handle failure: in most cases, if realloc() fails, we're about to
crash anyway.

Change-Id: Icd3a503f169be224f0a058c58e8b7c82a3241ae7
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
Reviewed-by: Anton Kudryavtsev <antkudr@mail.ru>
---
 src/corelib/json/qjsonparser.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'src/corelib/json/qjsonparser.cpp')

diff --git a/src/corelib/json/qjsonparser.cpp b/src/corelib/json/qjsonparser.cpp
index c7b16d5ec9..a23741a85c 100644
--- a/src/corelib/json/qjsonparser.cpp
+++ b/src/corelib/json/qjsonparser.cpp
@@ -491,9 +491,10 @@ namespace {
                 memcpy(newValues, data, size*sizeof(QJsonPrivate::Value));
                 data = newValues;
             } else {
-                data = static_cast<QJsonPrivate::Value *>(realloc(data, alloc*sizeof(QJsonPrivate::Value)));
-                if (!data)
+                void *newValues = realloc(data, alloc * sizeof(QJsonPrivate::Value));
+                if (!newValues)
                     return false;
+                data = static_cast<QJsonPrivate::Value *>(newValues);
             }
             return true;
         }
-- 
cgit v1.2.3