PR# 13690 Multiple unchecked memory allocations in run-time
Problem Report Summary
Submitter: prestoat2000
Category: Runtime
Priority: Medium
Date: 2007/11/29
Class: Bug
Severity: Serious
Number: 13690
Release: 6.1.71281
Confidential: No
Status: Open
Responsible:
Environment: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.0.7) Gecko/20060915 Firefox/1.5.0.7
Solaris 9 on SPARC
Synopsis: Multiple unchecked memory allocations in run-time
Description
There are many occurrences in the run-time of what appear to be calls to malloc or a related routine, where the result is not checked for nullness. This could result in reading from or writing to a null pointer instead of reporting an "out of memory" error. Please check the attached list (some of which are definitely bugs) and fix any that are not dead code. In some cases I wasn't sure if the lack of a check was OK, so there might be some "bugs" in my list. I also included a few unchecked calls to fopen as a bonus. Note that strdup and putenv allocate memory, so they must also be checked for failure.
To Reproduce
Problem Report Interactions
Here are a few more unchecked memory allocations. I think the first one
is definitely a bug. The others are all calls to of the form
xxx = eif_realloc (xxx, SOME_SIZE);
If `xxx' was not NULL before the call and `eif_realloc' returns NULL,
we have a memory leak. If you're going to use `eif_realloc' for this
sort of thing, it seems to me that a better pattern (used elsewhere in
other runtime code) is
my_local = eif_realloc(xxx, SOME_SIZE);
if (!my_local) {
enomem();
}
xxx = my_local;
If `xxx' was already guaranteed to be NULL before the call, you should
use `eif_malloc' instead to avoid confusion.