From: Andrew R. <and...@us...> - 2006-11-30 16:56:04
Update of /cvsroot/plplot/plplot/src
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv24026/src

Modified Files: plbuf.c

Log Message:
Fix bug with allocating extra space for the memory buffers. There was no check that the extra amount allocated was sufficient. For large blocks of data (e.g. plotting the image of lena in example 20) this could result in a buffer overflow and segmentation fault. Example 20 now works again. Also ensure that the buffer is properly freed once it is finished with to prevent a memory leak. (Leak found and checked using valgrind.)

Index: plbuf.c =================================================================== RCS file: /cvsroot/plplot/plplot/src/plbuf.c,v retrieving revision 1.14 retrieving revision 1.15 diff -u -d -r1.14 -r1.15 --- plbuf.c 27 Oct 2006 18:24:27 -0000 1.14 +++ plbuf.c 30 Nov 2006 16:56:03 -0000 1.15 @@ -194,6 +194,12 @@ fclose(pls->plbufFile) pls->plbufFile = NULL; +#else + if (pls->plbuf_buffer == NULL) + return; + + free(pls->plbuf_buffer); + pls->plbuf_buffer = NULL; #endif } @@ -929,8 +935,12 @@ plio_fwrite(buf, buf_size, 1, pls->plbufFile); #else if ((pls->plbuf_top + buf_size) >= pls->plbuf_buffer_size) { - /* Not enough space, need to grow the buffer */ - pls->plbuf_buffer_size += pls->plbuf_buffer_grow; + /* Not enough space, need to grow the buffer */ + /* Must make sure the increase is enough for this data */ + pls->plbuf_buffer_size += pls->plbuf_buffer_grow * + ((pls->plbuf_top + buf_size - pls->plbuf_buffer_size) / + pls->plbuf_buffer_grow + 1); + while (pls->plbuf_top + buf_size >= pls->plbuf_buffer_size); if ((pls->plbuf_buffer = realloc(pls->plbuf_buffer, pls->plbuf_buffer_size)) == NULL) plexit("plbuf wr_data: Plot buffer grow failed");
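Review bot: In the @@ -194,6 +194,12 @@ hunk, the new #else branch frees pls->plbuf_buffer and sets it to NULL, but the added lines leave pls->plbuf_buffer_size and pls->plbuf_top as they were. The write path in the second hunk only reallocs when plbuf_top + buf_size >= plbuf_buffer_size, so if the stream is written to again after this cleanup, a stale non-zero size would skip the realloc and the write would go through a NULL pointer. Unless both fields are reset elsewhere in this function (not visible here), set them to 0 next to `pls->plbuf_buffer = NULL;`. Smaller point: the early `return` on NULL is not needed for the free itself, since free(NULL) is a no-op, and it will skip any cleanup later added after the #endif.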
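Review bot: In the @@ -929,8 +935,12 @@ hunk, the added line `while (pls->plbuf_top + buf_size >= pls->plbuf_buffer_size);` is a loop with an empty body and looks like a leftover from a do/while version of the fix. With the new size computation the condition is already false when the line is reached, so it is dead code, but if the arithmetic ever wraps or the condition is otherwise true it spins forever, because nothing in the body changes either operand. Drop the line. Two further checks are worth adding to the same block: the division by pls->plbuf_buffer_grow has no guard against a zero grow value, and neither plbuf_top + buf_size nor the `+=` on plbuf_buffer_size is checked for overflow before the result is passed to realloc, which matters here because the commit is fixing an undersized allocation for large inputs.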