Commit 52b74144 authored by Tatsuhiro Tsujikawa's avatar Tatsuhiro Tsujikawa

Fix 0 size malloc, part 2

parent 1b79114d
......@@ -515,11 +515,18 @@ int nghttp2_frame_unpack_settings_payload(nghttp2_settings *frame,
{
size_t payloadlen = niv * sizeof(nghttp2_settings_entry);
if(niv == 0) {
frame->iv = NULL;
} else {
frame->iv = malloc(payloadlen);
if(frame->iv == NULL) {
return NGHTTP2_ERR_NOMEM;
}
memcpy(frame->iv, iv, payloadlen);
}
frame->niv = niv;
return 0;
}
......@@ -537,15 +544,27 @@ int nghttp2_frame_unpack_settings_payload2(nghttp2_settings_entry **iv_ptr,
size_t payloadlen)
{
size_t i;
*niv_ptr = payloadlen / NGHTTP2_FRAME_SETTINGS_ENTRY_LENGTH;
if(*niv_ptr == 0) {
*iv_ptr = NULL;
return 0;
}
*iv_ptr = malloc((*niv_ptr)*sizeof(nghttp2_settings_entry));
if(*iv_ptr == NULL) {
return NGHTTP2_ERR_NOMEM;
}
for(i = 0; i < *niv_ptr; ++i) {
size_t off = i * NGHTTP2_FRAME_SETTINGS_ENTRY_LENGTH;
nghttp2_frame_unpack_settings_entry(&(*iv_ptr)[i], &payload[off]);
}
return 0;
}
......@@ -829,11 +848,19 @@ nghttp2_settings_entry* nghttp2_frame_iv_copy(const nghttp2_settings_entry *iv,
{
nghttp2_settings_entry *iv_copy;
size_t len = niv*sizeof(nghttp2_settings_entry);
if(len == 0) {
return NULL;
}
iv_copy = malloc(len);
if(iv_copy == NULL) {
return NULL;
}
memcpy(iv_copy, iv, len);
return iv_copy;
}
......
......@@ -74,7 +74,13 @@ int nghttp2_reserve_buffer(uint8_t **buf_ptr, size_t *buflen_ptr,
void* nghttp2_memdup(const void* src, size_t n)
{
void* dest = malloc(n);
void* dest;
if(n == 0) {
return NULL;
}
dest = malloc(n);
if(dest == NULL) {
return NULL;
}
......
......@@ -4814,6 +4814,7 @@ ssize_t nghttp2_session_mem_recv(nghttp2_session *session,
varlen = iframe->frame.hd.length - 8;
if(varlen > 0) {
iframe->raw_lbuf = malloc(varlen);
if(iframe->raw_lbuf == NULL) {
......@@ -4821,6 +4822,7 @@ ssize_t nghttp2_session_mem_recv(nghttp2_session *session,
}
nghttp2_buf_wrap_init(&iframe->lbuf, iframe->raw_lbuf, varlen);
}
busy = 1;
......@@ -5528,11 +5530,16 @@ int nghttp2_session_add_settings(nghttp2_session *session, uint8_t flags,
if(frame == NULL) {
return NGHTTP2_ERR_NOMEM;
}
if(niv > 0) {
iv_copy = nghttp2_frame_iv_copy(iv, niv);
if(iv_copy == NULL) {
free(frame);
return NGHTTP2_ERR_NOMEM;
}
} else {
iv_copy = NULL;
}
if((flags & NGHTTP2_FLAG_ACK) == 0) {
if(niv > 0) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment