[Bug-wget] Missing sanity checks for malloc()/calloc()/realloc() in wget
From: Bill Parker
Subject: [Bug-wget] Missing sanity checks for malloc()/calloc()/realloc() in wget-1.1x
Date: Sat, 11 Apr 2015 12:25:35 -0700
Hello All,
In directory 'src', file 'warc.c', I found some instances where malloc()
is called, but with no corresponding check for NULL, indicating failure.
In directory 'lib', in file 'getopt.c', there is a call to malloc()
at line 521, without a check for a return value of NULL, which would
indicate failure. The patch file which corrects this issue is below:
--- getopt.c.orig 2015-04-10 16:06:03.548095111 -0700
+++ getopt.c 2015-04-10 16:11:04.544350187 -0700
@@ -521,6 +521,10 @@
{
/* Second or later nonexact match found. */
struct option_list *newp = malloc (sizeof (*newp));
+ if (newp == NULL) { /* oops, malloc() failed, now what? */
+ /* FIXME - what code do we need here? */
+ fprintf(stderr, "Error: Unable to allocate memory for
newp...\n");
+ }
newp->p = p;
newp->next = ambig_list;
ambig_list = newp;
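Review bot: The added NULL branch only prints a message and then falls through to `newp->p = p;`, so the null pointer is still dereferenced when malloc() fails. The branch has to leave this path before the three list-insertion lines, for example by putting `newp->p = p; newp->next = ambig_list; ambig_list = newp;` in an `else` or by returning an error from here, which is what the FIXME is asking for. The fprintf string literal is also split across two lines in the patch as posted and would need to be rejoined to compile.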
In directory 'lib', file 'regcomp.c', at line 894, there is a call
to calloc() without a check for a return value of NULL, indicating
failure. The patch file below corrects this issue:
--- regcomp.c.orig 2015-04-10 16:17:40.579684242 -0700
+++ regcomp.c 2015-04-10 16:19:14.432612466 -0700
@@ -894,6 +894,8 @@
break;
dfa->state_table = calloc (sizeof (struct re_state_table_entry),
table_size);
+ if (BE (dfa->state_table == NULL, 0)) /* couldn't allocate memory, now
what? */
+ return REG_ESPACE;
dfa->state_hash_mask = table_size - 1;
dfa->mb_cur_max = MB_CUR_MAX;
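Review bot: The early `return REG_ESPACE;` directly after the calloc() leaves the function before `dfa->state_hash_mask` and `dfa->mb_cur_max` are set, and the hunk does not show whether anything allocated earlier in this function is released on that path; please confirm the caller frees a partially initialised dfa when it sees REG_ESPACE. The trailing comment "now what?" no longer matches the code, which does handle the failure, and it is wrapped onto a second line in the patch as posted, so it should be shortened or dropped.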
I am attaching the patch files to this bug report...
Bill Parker (wp02855 at gmail dot com)