#28 Not enough space for malloc in hunspell.cxx

closed-fixed
None
5
2010-03-04
2009-08-25
No

From Chromium (known as Google Chrome) malloc issue:

1663 int Hunspell::get_xml_list(char ***slst, char * list, const char * tag) {
1664 int n = 0;
1665 char * p;
1666 if (!list) return 0;
1667 for (p = list; (p = strstr(p, tag)); p++) n++;
1668 if (n == 0) return 0;
1669 *slst = (char **) malloc(sizeof(char *) * n);
1670 if (!*slst) return 0;
1671 for (p = list, n = 0; (p = strstr(p, tag)); p++, n++) {
Event strlen_call: Function strlen called with argument "p"
Event strlen_assign: Variable "l" set to return value of strlen called
with argument "p"
1672 int l = strlen(p);
Event buffer_alloc: Called allocating function "malloc" which
allocated memory dictated by parameter "l"
Event alloc_strlen: Allocated memory does not have space for the
terminating NUL of the string
Event var_assign: Assigned "*slst[n]" to storage allocated by "malloc(l)"
1673 (*slst)[n] = (char *) malloc(l);
At conditional (1): "!*slst[n]" taking true path
At conditional (2): "n > 0" taking false path
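
The allocation flagged above, rewritten with room for the terminating NUL, as an added example that is not part of the ticket or the Hunspell source. `tag_list_copy` and `tag_list_free` are hypothetical names, and copying the remainder of `list` into each entry is an assumption, since the excerpt stops before the copy step.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example (hypothetical names). Assumption: each entry receives the
 * text from one tag occurrence to the end of `list`. */
size_t tag_list_copy(char ***slst, const char *list, const char *tag) {
    size_t n = 0, i = 0;
    const char *p;

    *slst = NULL;
    /* An empty tag matches at the final NUL too, so p++ would step past it. */
    if (!list || !tag || !*tag) return 0;
    for (p = list; (p = strstr(p, tag)) != NULL; p++) n++;
    if (n == 0) return 0;

    /* calloc guards the n * sizeof(char *) multiplication against overflow. */
    *slst = (char **) calloc(n, sizeof(char *));
    if (!*slst) return 0;

    for (p = list; (p = strstr(p, tag)) != NULL; p++, i++) {
        size_t l = strlen(p);            /* size_t, not int: no truncation */
        /* The reported line is malloc(l): l bytes hold the characters but
         * not the NUL, so copying the string writes one byte out of bounds. */
        (*slst)[i] = (char *) malloc(l + 1);
        if (!(*slst)[i]) {               /* undo partial work on failure */
            while (i > 0) free((*slst)[--i]);
            free(*slst);
            *slst = NULL;
            return 0;
        }
        memcpy((*slst)[i], p, l + 1);    /* l characters plus the NUL */
    }
    return n;
}

void tag_list_free(char **slst, size_t n) {
    size_t i;
    for (i = 0; i < n; i++) free(slst[i]);
    free(slst);
}

int main(void) {
    char **out = NULL;
    /* Constructed sample input. */
    size_t i, n = tag_list_copy(&out, "<a>x</a><a>yz</a>", "<a>");
    for (i = 0; i < n; i++) printf("%zu: %s\n", i, out[i]);
    tag_list_free(out, n);
    return 0;
}
```

Building with `-fsanitize=address` and changing `l + 1` back to `l` in the `malloc` call makes the one-byte heap overflow show up at the `memcpy`.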

Discussion

  • Mohamed Mansour - 2009-08-25
    • assigned_to: nobody --> nemethl

  • caolan mcnamara - 2010-02-23

    fix checked in

  • caolan mcnamara - 2010-03-04
    • status: open --> closed-fixed