From da000ba4a6841b1bd55344c75c595aabdd830cd7 Mon Sep 17 00:00:00 2001
From: Pierre-Marc Fournier
Date: Wed, 17 Feb 2010 12:21:01 -0500
Subject: [PATCH] libustcomm: fix segfault caused by incorrect initialization of buffer size
---
 libustcomm/ustcomm.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/libustcomm/ustcomm.c b/libustcomm/ustcomm.c
index e1a2d5b..0d2ab33 100644
--- a/libustcomm/ustcomm.c
+++ b/libustcomm/ustcomm.c
@@ -157,11 +157,12 @@ int ustcomm_request_consumer(pid_t pid, const char *channel)
 }
 /* returns 1 to indicate a message was received
- * returns 0 to indicate no message was received (cannot happen)
+ * returns 0 to indicate no message was received (end of stream)
 * returns -1 to indicate an error
 */
 #define RECV_INCREMENT 1
+#define RECV_INITIAL_BUF_SIZE 10
 static int recv_message_fd(int fd, char **msg)
 {
@@ -170,13 +171,20 @@ static int recv_message_fd(int fd, char **msg)
 char *buf = NULL;
 int buf_used_size = 0;
- buf = malloc(10);
- buf_alloc_size = 16;
+ buf = malloc(RECV_INITIAL_BUF_SIZE);
+ buf_alloc_size = RECV_INITIAL_BUF_SIZE;
 for(;;) {
 if(buf_used_size + RECV_INCREMENT > buf_alloc_size) {
+ char *new_buf;
 buf_alloc_size *= 2;
- buf = (char *) realloc(buf, buf_alloc_size);
+ new_buf = (char *) realloc(buf, buf_alloc_size);
+ if(new_buf == NULL) {
+ ERR("realloc returned NULL");
+ free(buf);
+ return -1;
+ }
+ buf = new_buf;
 }
 /* FIXME: this is really inefficient; but with count>1 we would
@@ -197,7 +205,6 @@ static int recv_message_fd(int fd, char **msg)
 }
 }
- buf_used_size += result;
 if(buf[buf_used_size-1] == 0) {
-- 
2.34.1
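Review bot: The initial `buf = malloc(RECV_INITIAL_BUF_SIZE);` in the second hunk is still unchecked, so on allocation failure the first iteration skips the growth branch (0 + RECV_INCREMENT is not greater than 10) and the recv() that follows below the hunk writes through a NULL pointer; add `if(buf == NULL) { ERR("malloc returned NULL"); return -1; }` directly after it, matching the new realloc handling. The growth path also has no upper bound: `buf_alloc_size *= 2` keeps doubling until the peer sends a terminating NUL byte, so a peer that never terminates the message can drive the allocation until realloc fails, and if buf_alloc_size is an int (its declaration is above the hunk, alongside `int buf_used_size`) the doubling overflows into a negative size before that happens. A cap checked before the doubling, such as `if(buf_alloc_size >= RECV_MAX_BUF_SIZE) { ERR("message too long"); free(buf); return -1; }` with RECV_MAX_BUF_SIZE defined next to RECV_INITIAL_BUF_SIZE, closes both. recv_message_fd continues past the end of this hunk.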