[lxc-devel] [lxc/master] utils: fix lxc_string_split()

brauner on Github lxc-bot at linuxcontainers.org
Sun Sep 25 15:21:40 UTC 2016 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 418 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20160925/95831942/attachment.bin>
-------------- next part --------------
From 605ea1f73b0997e42ec5ac43e4d7a07debc54368 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at canonical.com>
Date: Sun, 25 Sep 2016 16:51:24 +0200
Subject: [PATCH] utils: fix lxc_string_split()

Make sure we don't return uninitialized memory.

Signed-off-by: Christian Brauner <christian.brauner at canonical.com>
---
 src/lxc/utils.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index 9a6ef4b..c72c26a 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -774,8 +774,8 @@ bool lxc_string_in_list(const char *needle, const char *haystack, char _sep)
 char **lxc_string_split(const char *string, char _sep)
 {
 	char *token, *str, *saveptr = NULL;
-	char sep[2] = { _sep, '\0' };
-	char **result = NULL;
+	char sep[2] = {_sep, '\0'};
+	char **tmp = NULL, **result = NULL;
 	size_t result_capacity = 0;
 	size_t result_count = 0;
 	int r, saved_errno;
@@ -783,7 +783,7 @@ char **lxc_string_split(const char *string, char _sep)
 	if (!string)
 		return calloc(1, sizeof(char *));
 
-	str = alloca(strlen(string)+1);
+	str = alloca(strlen(string) + 1);
 	strcpy(str, string);
 	for (; (token = strtok_r(str, sep, &saveptr)); str = NULL) {
 		r = lxc_grow_array((void ***)&result, &result_capacity, result_count + 1, 16);
@@ -796,7 +796,14 @@ char **lxc_string_split(const char *string, char _sep)
 	}
 
 	/* if we allocated too much, reduce it */
-	return realloc(result, (result_count + 1) * sizeof(char *));
+	tmp = realloc(result, (result_count + 1) * sizeof(char *));
+	if (!tmp)
+		goto error_out;
+	result = tmp;
+	/* Make sure we don't return uninitialized memory. */
+	if (result_count == 0)
+		*result = NULL;
+	return result;
 error_out:
 	saved_errno = errno;
 	lxc_free_array((void **)result, free);

More information about the lxc-devel mailing list