lucasg / Dependencies

A rewrite of the old legacy software "depends.exe" in C# for Windows devs to troubleshoot dll load dependencies issues.
MIT License

MEDIUM: Potentially Unsafe Code - Potential Memory Leak #246

Open DawmosTomie opened 8 months ago

DawmosTomie commented 8 months ago

Dear author, hello! I found a small security breach and I've modified it; I hope you can merge it. (My English is not very good; I hope the wording does not offend you.)

Description - MEDIUM: Potentially Unsafe Code - Potential Memory Leak

Line: 71 - Dependencies\third_party\phlib\jsonc\arraylist.c

Source code may experience memory leaks when attempting to extend arrays. If the realloc function fails and returns NULL, the original memory is still retained.

Solution

Solve this problem by checking the return value of realloc after calling it. If realloc returns NULL, the original memory should be freed and an error returned.

Modified code

```c
{
  void *t;
  int new_size;

  if(max < arr->size) return 0;
  new_size = json_max(arr->size << 1, max);
  t = realloc(arr->array, new_size*sizeof(void*));
  if(!t) {
    free(arr->array);
    return -1;
  }
  arr->array = (void**)t;
  (void)memset(arr->array + arr->size, 0, (new_size-arr->size)*sizeof(void*));
  arr->size = new_size;
  return 0;
}
```
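
An added example, not part of the issue or of the project's code: a constructed harness that forces one `realloc` failure and then runs the cleanup the list's owner performs, once with the old block kept on failure and once with it freed inside the expand path. The reduced `array_list` struct, the `x_realloc`/`x_free` wrappers, `expand` and `scenario` are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed stand-in for the array list in the posted snippet. */
struct array_list { void **array; int size; };
/* Hypothetical harness state: forced failure, live blocks, detected second frees. */
static int fail_next, live, double_frees;
static void *last_freed;

static void *x_realloc(void *p, size_t n) {
  if (fail_next) { fail_next = 0; return NULL; }  /* like realloc, p stays valid */
  void *t = realloc(p, n);
  if (t && !p) live++;
  if (t == last_freed) last_freed = NULL;         /* address reused by a new block */
  return t;
}
static void x_free(void *p) {
  if (!p) return;
  if (p == last_freed) { double_frees++; return; }  /* counted, not executed */
  last_freed = p; live--;
  free(p);
}
static int expand(struct array_list *arr, int max, int free_on_fail) {
  if (max < arr->size) return 0;
  int new_size = arr->size * 2 > max ? arr->size * 2 : max;
  void *t = x_realloc(arr->array, (size_t)new_size * sizeof(void *));
  if (!t && free_on_fail) x_free(arr->array);  /* arr->array keeps the stale address */
  if (!t) return -1;
  arr->array = t;
  memset(arr->array + arr->size, 0, (size_t)(new_size - arr->size) * sizeof(void *));
  arr->size = new_size;
  return 0;
}

/* One failed expand, then the cleanup the list's owner runs on its error path.
   Returns the number of double frees; *leaked receives the blocks still allocated. */
static int scenario(int free_on_fail, int *leaked) {
  live = double_frees = 0; last_freed = NULL;
  struct array_list a = { x_realloc(NULL, 4 * sizeof(void *)), 4 };
  fail_next = 1;
  int rc = expand(&a, 16, free_on_fail);
  x_free(a.array);                             /* owner cleanup */
  *leaked = live;
  return rc == -1 ? double_frees : -1;
}
int main(void) {
  int l0, l1, d0 = scenario(0, &l0), d1 = scenario(1, &l1);
  printf("keep: double_frees=%d leaked=%d\nfree: double_frees=%d leaked=%d\n", d0, l0, d1, l1);
  return 0;
}
```

With the old block left in place, the owner's cleanup frees it exactly once and nothing stays allocated; when the expand path frees it, `arr->array` still holds the released address and the same cleanup becomes a second free.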