These functions would lead to segmentation faults in case of malloc failures. Therefore, the return values have to be checked for NULL.
Please note: The function sh_regmatch allows variable "matches" to be NULL. But if ARRAYS_VARS is defined, the code assumes in a later #ifdef'ed code block that "matches" was successfully allocated.
---
 lib/glob/smatch.c | 2 ++
 lib/sh/shmatch.c | 5 +++++
 2 files changed, 7 insertions(+)
diff --git a/lib/glob/smatch.c b/lib/glob/smatch.c
index 848610a..68cc4aa 100644
--- a/lib/glob/smatch.c
+++ b/lib/glob/smatch.c
@@ -333,6 +333,8 @@ is_wcclass (wc, name)
 memset (&state, '\0', sizeof (mbstate_t));
 mbs = (char *) malloc (wcslen(name) * MB_CUR_MAX + 1);
+ if (mbs == NULL)
+ return -1;
 mbslength = wcsrtombs (mbs, (const wchar_t **)&name, (wcslen(name) * MB_CUR_MAX + 1), &state);
 if (mbslength == (size_t)-1 || mbslength == (size_t)-2)
diff --git a/lib/sh/shmatch.c b/lib/sh/shmatch.c
index 3abefed..38afa3c 100644
--- a/lib/sh/shmatch.c
+++ b/lib/sh/shmatch.c
@@ -75,6 +75,11 @@ sh_regmatch (string, pattern, flags)
 #if defined (ARRAY_VARS)
 matches = (regmatch_t *)malloc (sizeof (regmatch_t) * (regex.re_nsub + 1));
+ if (matches == NULL)
+ {
+ regfree (®ex);
+ return 2;
+ }
 #else
 matches = NULL;
 #endif
--
2.3.0
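Review bot: The new `return -1;` after the malloc in is_wcclass has no comment saying what -1 means, and the hunk does not show how callers treat it. The body of the `mbslength` check just below is outside the hunk, so confirm it returns the same value and that no caller reads a non-zero result as "the character is in the class". A one-line comment would pin the contract down: `/* out of memory: report an error (-1), never a match */`. Separately, the size `wcslen(name) * MB_CUR_MAX + 1` is written out twice, once for malloc and once as the wcsrtombs limit; computing it once into a `size_t` local would keep the allocation size and the write bound from drifting apart. is_wcclass starts and ends outside the hunk.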
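Review bot: The `return 2;` on allocation failure in sh_regmatch is an unexplained magic value, and the hunk does not show what 2 means to the caller. If it is the same code used when the pattern fails to compile (not visible here), an out-of-memory condition would be reported to the user as a bad regular expression. I would add a comment such as `/* out of memory: release the compiled regex and report failure */` and confirm the caller's diagnostic for this code is still accurate. The cleanup argument is rendered on this page as `®ex`, an HTML-entity artifact; the line should read `regfree (&regex);`. The function body continues outside the hunk.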