From owner-svn-src-head@FreeBSD.ORG Sat Mar 28 07:20:39 2009 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B1A0E106566C; Sat, 28 Mar 2009 07:20:39 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 9FAF98FC0A; Sat, 28 Mar 2009 07:20:39 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id n2S7Kdqb088177; Sat, 28 Mar 2009 07:20:39 GMT (envelope-from delphij@svn.freebsd.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id n2S7Kddd088176; Sat, 28 Mar 2009 07:20:39 GMT (envelope-from delphij@svn.freebsd.org) Message-Id: <200903280720.n2S7Kddd088176@svn.freebsd.org> From: Xin LI Date: Sat, 28 Mar 2009 07:20:39 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r190496 - head/lib/libc/db/hash X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 28 Mar 2009 07:20:40 -0000 Author: delphij Date: Sat Mar 28 07:20:39 2009 New Revision: 190496 URL: http://svn.freebsd.org/changeset/base/190496 Log: Plug memory leaks and a potential NULL dereference. Obtained from: OpenBSD Modified: head/lib/libc/db/hash/hash.c Modified: head/lib/libc/db/hash/hash.c ============================================================================== --- head/lib/libc/db/hash/hash.c Sat Mar 28 07:09:51 2009 (r190495) +++ head/lib/libc/db/hash/hash.c Sat Mar 28 07:20:39 2009 (r190496) @@ -163,7 +163,6 @@ __hash_open(const char *file, int flags, */ nsegs = (hashp->MAX_BUCKET + 1 + hashp->SGSIZE - 1) / hashp->SGSIZE; - hashp->nsegs = 0; if (alloc_segs(hashp, nsegs)) /* * If alloc_segs fails, table will have been destroyed @@ -417,6 +416,10 @@ hdestroy(HTAB *hashp) for (i = 0; i < hashp->nmaps; i++) if (hashp->mapp[i]) free(hashp->mapp[i]); + if (hashp->tmp_key) + free(hashp->tmp_key); + if (hashp->tmp_buf) + free(hashp->tmp_buf); if (hashp->fp != -1) (void)_close(hashp->fp); @@ -762,6 +765,8 @@ hash_seq(const DB *dbp, DBT *key, DBT *d if (__big_keydata(hashp, bufp, key, data, 1)) return (ERROR); } else { + if (hashp->cpage == 0) + return (ERROR); key->data = (u_char *)hashp->cpage->page + bp[ndx]; key->size = (ndx > 1 ? bp[ndx - 1] : hashp->BSIZE) - bp[ndx]; data->data = (u_char *)hashp->cpage->page + bp[ndx + 1]; @@ -877,15 +882,18 @@ alloc_segs(HTAB *hashp, int nsegs) errno = save_errno; return (-1); } + hashp->nsegs = nsegs; + if (nsegs == 0) + return (0); /* Allocate segments */ - if ((store = - (SEGMENT)calloc(nsegs << hashp->SSHIFT, sizeof(SEGMENT))) == NULL) { + if ((store = (SEGMENT)calloc(nsegs << hashp->SSHIFT, + sizeof(SEGMENT))) == NULL) { save_errno = errno; (void)hdestroy(hashp); errno = save_errno; return (-1); } - for (i = 0; i < nsegs; i++, hashp->nsegs++) + for (i = 0; i < nsegs; i++) hashp->dir[i] = &store[i << hashp->SSHIFT]; return (0); }