I noticed mp_buf_append and mp_buf_new are not sanitizing the result to mp_realloc.
The Lua documentation states that when the pointer is non-null it must behave like realloc (and in the default case it is: return realloc(ptr, nsize)). In turn, when realloc fails the original block is left untouched and NULL is returned, which paths into a memcpy (and likely segmenta.... fau.. or something else entirely dependent on buf->len).
While a minor issue, a bit of defensive programming here would not hurt.
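As an added illustration (not code from the original report or from the project), a minimal Lua-style growable buffer whose append checks the allocator's result and leaves the existing buffer untouched when the reallocation fails instead of passing NULL into memcpy. The allocator signature follows Lua's lua_Alloc; the names buf_t, buf_append, capped_alloc and fill_until_failure are assumptions made for this example.

```c
#include <stdlib.h>
#include <string.h>

/* Lua-style allocator hook: ptr == NULL allocates, nsize == 0 frees,
 * otherwise it behaves like realloc: on failure it returns NULL and
 * leaves the original block intact. */
typedef void *(*alloc_fn)(void *ud, void *ptr, size_t osize, size_t nsize);

typedef struct { unsigned char *b; size_t len, avail; alloc_fn alloc; void *ud; } buf_t;

/* Returns 0 on success, -1 if the allocator failed.
 * On failure the buffer is left exactly as it was (no memcpy into NULL). */
int buf_append(buf_t *buf, const void *s, size_t len) {
    if (buf->avail < len) {
        size_t newsize = (buf->len + len) * 2;
        unsigned char *nb = buf->alloc(buf->ud, buf->b, buf->len + buf->avail, newsize);
        if (nb == NULL) return -1;   /* the defensive check the report asks for */
        buf->b = nb;
        buf->avail = newsize - buf->len;
    }
    memcpy(buf->b + buf->len, s, len);
    buf->len += len;
    buf->avail -= len;
    return 0;
}

/* Constructed test allocator: like realloc, but refuses blocks above a cap
 * so that an allocation failure can be triggered deterministically. */
static size_t alloc_cap = 64;
void *capped_alloc(void *ud, void *ptr, size_t osize, size_t nsize) {
    (void)ud; (void)osize;
    if (nsize == 0) { free(ptr); return NULL; }
    if (nsize > alloc_cap) return NULL;
    return realloc(ptr, nsize);
}

/* Appends `chunk` bytes (at most 16) up to `rounds` times; returns how many
 * bytes were stored before the allocator refused to grow the buffer. */
size_t fill_until_failure(size_t chunk, size_t rounds) {
    buf_t buf = { NULL, 0, 0, capped_alloc, NULL };
    char chunkbuf[16];
    size_t i, stored;
    memset(chunkbuf, 'x', sizeof chunkbuf);
    for (i = 0; i < rounds; i++) {
        if (buf_append(&buf, chunkbuf, chunk) != 0) break;  /* buffer still valid here */
    }
    stored = buf.len;
    capped_alloc(NULL, buf.b, buf.len + buf.avail, 0);  /* release the block */
    return stored;
}
```

With the 64-byte cap, the buffer grows 20 -> 60 bytes and the seventh 10-byte append is rejected, leaving the 60 bytes already stored intact rather than crashing.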