@@ -1,3 +1,8 @@

+Sat May 26 00:31:10 CEST 2007 (tk)

+----------------------------------

+  * libclamav: fix some possible error path leaks by changing cli_realloc()

+	       to cli_realloc2()

+

 Fri May 25 21:39:53 CEST 2007 (tk)

 ----------------------------------

   * libclamav/others.[ch]: add cli_realloc2()

@@ -791,7 +791,7 @@ static iconv_t iconv_open_cached(const unsigned char* fromcode)

 	idx = cache->last++;

 	if(idx >= cache->len) {

 		cache->len += 16;

-		cache->tab = cli_realloc(cache->tab, cache->len*sizeof(cache->tab[0]));

+		cache->tab = cli_realloc2(cache->tab, cache->len*sizeof(cache->tab[0]));

 		if(!cache->tab) {

 			cli_dbgmsg("!Out of mem in iconv-pool\n");

 			errno = ENOMEM;

@@ -303,18 +303,18 @@ static void html_tag_arg_add(tag_arguments_t *tags,

 {

 	int len, i;

 	tags->count++;

-	tags->tag = (unsigned char **) cli_realloc(tags->tag,

+	tags->tag = (unsigned char **) cli_realloc2(tags->tag,

 				tags->count * sizeof(char *));

 	if (!tags->tag) {

 		goto abort;

 	}

-	tags->value = (unsigned char **) cli_realloc(tags->value,

+	tags->value = (unsigned char **) cli_realloc2(tags->value,

 				tags->count * sizeof(char *));

 	if (!tags->value) {

 		goto abort;

 	}

 	if(tags->scanContents) {

-		tags->contents= (blob **) cli_realloc(tags->contents,

+		tags->contents= (blob **) cli_realloc2(tags->contents,

 				tags->count*sizeof(*tags->contents));

 		if(!tags->contents) {

 			goto abort;

@@ -85,7 +85,7 @@ int cli_ac_addpatt(struct cli_matcher *root, struct cli_ac_patt *pattern)

 	    }

 	    root->ac_nodes++;

-	    root->ac_nodetable = (struct cli_ac_node **) cli_realloc(root->ac_nodetable, root->ac_nodes * sizeof(struct cli_ac_node *));

+	    root->ac_nodetable = (struct cli_ac_node **) cli_realloc2(root->ac_nodetable, root->ac_nodes * sizeof(struct cli_ac_node *));

 	    if(!root->ac_nodetable) {

 		cli_errmsg("cli_ac_addpatt: Can't realloc ac_nodetable\n");

 		if(next->trans)

@@ -103,7 +103,7 @@ int cli_ac_addpatt(struct cli_matcher *root, struct cli_ac_patt *pattern)

     }

     root->ac_patterns++;

-    root->ac_pattable = (struct cli_ac_patt **) cli_realloc(root->ac_pattable, root->ac_patterns * sizeof(struct cli_ac_patt *));

+    root->ac_pattable = (struct cli_ac_patt **) cli_realloc2(root->ac_pattable, root->ac_patterns * sizeof(struct cli_ac_patt *));

     if(!root->ac_pattable) {

 	cli_errmsg("cli_ac_addpatt: Can't realloc ac_pattable\n");

 	return CL_EMEM;

@@ -670,9 +670,9 @@ int cli_ac_addsig(struct cli_matcher *root, const char *virname, const char *hex

 	    *start++ = 0;

 	    new->alt++;

-	    new->altn = (uint16_t *) cli_realloc(new->altn, new->alt * sizeof(uint16_t));

+	    new->altn = (uint16_t *) cli_realloc2(new->altn, new->alt * sizeof(uint16_t));

 	    new->altn[new->alt - 1] = 0;

-	    new->altc = (unsigned char **) cli_realloc(new->altc, new->alt * sizeof(char *));

+	    new->altc = (unsigned char **) cli_realloc2(new->altc, new->alt * sizeof(char *));

 	    new->altc[new->alt - 1] = NULL;

 	    for(i = 0; i < strlen(pt); i++)

@@ -869,7 +869,7 @@ static bitset_t *bitset_realloc(bitset_t *bs, unsigned long min_size)

 	unsigned long new_length;

 	new_length = nearest_power(min_size);

-	bs->bitset = (unsigned char *) cli_realloc(bs->bitset, new_length);

+	bs->bitset = (unsigned char *) cli_realloc2(bs->bitset, new_length);

 	if (!bs->bitset) {

 		return NULL;

 	}

@@ -712,7 +712,7 @@ static int cli_loadhdb(FILE *fd, struct cl_engine **engine, unsigned int *signo,

 	    if(!found) {

 		md5_sect->soff_len++;

-		md5_sect->soff = (uint32_t *) cli_realloc(md5_sect->soff, md5_sect->soff_len * sizeof(uint32_t));

+		md5_sect->soff = (uint32_t *) cli_realloc2(md5_sect->soff, md5_sect->soff_len * sizeof(uint32_t));

 		if(!md5_sect->soff) {

 		    cli_errmsg("cli_loadhdb: Can't realloc md5_sect->soff\n");

 		    free(bm_new->pattern);

@@ -1266,19 +1266,15 @@ int cl_statinidir(const char *dirname, struct cl_stat *dbstat)

 	    cli_strbcasestr(dent->d_name, ".cvd"))) {

 		dbstat->entries++;

-		dbstat->stattab = (struct stat *) cli_realloc(dbstat->stattab, dbstat->entries * sizeof(struct stat));

+		dbstat->stattab = (struct stat *) cli_realloc2(dbstat->stattab, dbstat->entries * sizeof(struct stat));

 		if(!dbstat->stattab) {

-		    /* FIXME: Minor error path memleak here. Change the

-		     * behaviour of cli_realloc() to free old block on error

-		     * (and review all calls to cli_realloc()).

-		     */

 		    cl_statfree(dbstat);

 		    closedir(dd);

 		    return CL_EMEM;

 		}

 #if defined(C_INTERIX) || defined(C_OS2)

-		dbstat->statdname = (char **) cli_realloc(dbstat->statdname, dbstat->entries * sizeof(char *));

+		dbstat->statdname = (char **) cli_realloc2(dbstat->statdname, dbstat->entries * sizeof(char *));

 		if(!dbstat->statdname) {

 		    cl_statfree(dbstat);

 		    closedir(dd);

@@ -314,7 +314,7 @@ static int stack_push(struct node_stack* stack,struct tree_node* node)

 	if(stack->cnt == stack->capacity) {

 		stack->capacity += NODE_STACK_GROW;

-		stack->data = cli_realloc(stack->data,stack->capacity*sizeof(*stack->data));

+		stack->data = cli_realloc2(stack->data,stack->capacity*sizeof(*stack->data));

 		if(!stack->data)

 			return CL_EMEM;

 	}

@@ -557,7 +557,7 @@ int load_regex_matcher(struct regex_matcher* matcher,FILE* fd,unsigned int optio

  				struct cli_matcher* old_hosts = matcher->root_hosts;

  				matcher->root_hosts_cnt++;

- 				matcher->root_hosts = cli_realloc(matcher->root_hosts, matcher->root_hosts_cnt * sizeof(*matcher->root_hosts));

+ 				matcher->root_hosts = cli_realloc2(matcher->root_hosts, matcher->root_hosts_cnt * sizeof(*matcher->root_hosts));

  				if(!matcher->root_hosts) {

  					matcher->root_hosts = old_hosts;/* according to manpage this must still be valid*/

  					return CL_EMEM;

@@ -855,7 +855,7 @@ static const unsigned char* find_regex_start(const unsigned char* pat)

 					altpositions[altpositions_cnt++] = last;

 					if(altpositions_cnt == altpositions_capacity) {

 						altpositions_capacity += ALT_STACK_GROW;

-						altpositions = cli_realloc(altpositions,altpositions_capacity*sizeof(*altpositions));

+						altpositions = cli_realloc2(altpositions,altpositions_capacity*sizeof(*altpositions));

 						if(!altpositions)

 							return NULL;

 					}

@@ -951,7 +951,7 @@ static struct tree_node* tree_node_char_insert(struct tree_node* node,const char

 	struct tree_node* new, *alt = tree_get_next(node);

 	struct tree_node **children;

 	node->alternatives++;

-	node->u.children = cli_realloc(node->u.children,tree_node_get_array_size(node));

+	node->u.children = cli_realloc2(node->u.children,tree_node_get_array_size(node));

 	if(!node->u.children)

 		return NULL;

@@ -1008,7 +1008,7 @@ static void tree_node_insert_nonbin(struct tree_node* node, struct tree_node* ne

 				new->listend=1;

 				return;

 			}

-		node->u.children = cli_realloc(node->u.children,sizeof(node->u.children[0])*(2));

+		node->u.children = cli_realloc2(node->u.children,sizeof(node->u.children[0])*(2));

 		if(node->u.children) {

 			node->u.children[idx] = new;

 		}

@@ -161,7 +161,7 @@ static int push_state(struct stack* stack,struct rtf_state* state)

 	if(stack->stack_cnt >= stack->stack_size) {

 		/* grow stack */

 		stack->stack_size += 128;

-		stack->states = cli_realloc(stack->states, stack->stack_size*sizeof(*stack->states));

+		stack->states = cli_realloc2(stack->states, stack->stack_size*sizeof(*stack->states));

 		if(!stack->states)

 			return CL_EMEM;

 	}

@@ -873,10 +873,10 @@ static int add_vm_code(unpack_data_t *unpack_data, unsigned int first_byte,

 			return FALSE;

 		}	

 		unpack_data->old_filter_lengths_size++;

-		unpack_data->old_filter_lengths = (int *) cli_realloc(unpack_data->old_filter_lengths,

+		unpack_data->old_filter_lengths = (int *) cli_realloc2(unpack_data->old_filter_lengths,

 				sizeof(int) * unpack_data->old_filter_lengths_size);

 		if(!unpack_data->old_filter_lengths) {

-		    cli_dbgmsg("unrar: add_vm_code: cli_realloc failed for unpack_data->old_filter_lengths\n");

+		    cli_dbgmsg("unrar: add_vm_code: cli_realloc2 failed for unpack_data->old_filter_lengths\n");

 		    return FALSE;

 		}

 		unpack_data->old_filter_lengths[unpack_data->old_filter_lengths_size-1] = 0;

@@ -1006,10 +1006,10 @@ static int add_vm_code(unpack_data_t *unpack_data, unsigned int first_byte,

 		cur_size = stack_filter->prg.global_size;

 		if (cur_size < data_size+VM_FIXEDGLOBALSIZE) {

 			stack_filter->prg.global_size += data_size+VM_FIXEDGLOBALSIZE-cur_size;

-			stack_filter->prg.global_data = cli_realloc(stack_filter->prg.global_data,

+			stack_filter->prg.global_data = cli_realloc2(stack_filter->prg.global_data,

 				stack_filter->prg.global_size);

 			if(!stack_filter->prg.global_data) {

-			    cli_dbgmsg("unrar: add_vm_code: cli_realloc failed for stack_filter->prg.global_data\n");

+			    cli_dbgmsg("unrar: add_vm_code: cli_realloc2 failed for stack_filter->prg.global_data\n");

 			    return FALSE;

 			}

 		}

@@ -49,7 +49,7 @@ void rar_cmd_array_reset(rar_cmd_array_t *cmd_a)

 int rar_cmd_array_add(rar_cmd_array_t *cmd_a, int num)

 {

 	cmd_a->num_items += num;

-	cmd_a->array = (struct rarvm_prepared_command *) cli_realloc(cmd_a->array,

+	cmd_a->array = (struct rarvm_prepared_command *) cli_realloc2(cmd_a->array,

 			cmd_a->num_items * sizeof(struct rarvm_prepared_command));

 	if (cmd_a->array == NULL) {

 		return FALSE;

@@ -59,7 +59,7 @@ void rar_filter_array_reset(rar_filter_array_t *filter_a)

 int rar_filter_array_add(rar_filter_array_t *filter_a, int num)

 {

 	filter_a->num_items += num;

-	filter_a->array = (struct UnpackFilter **) cli_realloc(filter_a->array,

+	filter_a->array = (struct UnpackFilter **) cli_realloc2(filter_a->array,

 			filter_a->num_items * sizeof(struct UnpackFilter **));

 	if (filter_a->array == NULL) {

 		filter_a->num_items=0;

@@ -922,9 +922,9 @@ int rarvm_execute(rarvm_data_t *rarvm_data, struct rarvm_prepared_program *prg)

 		(unsigned int *)&rarvm_data->mem[VM_GLOBALMEMADDR+0x30]),VM_GLOBALMEMSIZE);

 	if (data_size != 0) {

 		prg->global_size += data_size+VM_FIXEDGLOBALSIZE;

-		prg->global_data = cli_realloc(prg->global_data, prg->global_size);

+		prg->global_data = cli_realloc2(prg->global_data, prg->global_size);

 		if(!prg->global_data) {

-		    cli_dbgmsg("unrar: rarvm_execute: cli_realloc failed for prg->global_data\n");

+		    cli_dbgmsg("unrar: rarvm_execute: cli_realloc2 failed for prg->global_data\n");

 		    return FALSE;

 		}

 		memcpy(prg->global_data, &rarvm_data->mem[VM_GLOBALMEMADDR],

@@ -1079,9 +1079,9 @@ int rarvm_prepare(rarvm_data_t *rarvm_data, rarvm_input_t *rarvm_input, unsigned

 			}

 			for (i=0 ; rarvm_input->in_addr < code_size && i < data_size ; i++) {

 				prg->static_size++;

-				prg->static_data = cli_realloc(prg->static_data, prg->static_size);

+				prg->static_data = cli_realloc2(prg->static_data, prg->static_size);

 				if(!prg->static_data) {

-				    cli_dbgmsg("unrar: rarvm_prepare: cli_realloc failed for prg->static_data\n");

+				    cli_dbgmsg("unrar: rarvm_prepare: cli_realloc2 failed for prg->static_data\n");

 				    return FALSE;

 				}

 				prg->static_data[i] = rarvm_getbits(rarvm_input) >> 8;

@@ -1358,7 +1358,7 @@ static macro_extnames_t *wm_read_macro_extnames(int fd)

 	while (lseek(fd, 0, SEEK_CUR) < offset_end) {

 		macro_extnames->count++;

 		macro_extnames->macro_extname = (macro_extname_t *)

-			cli_realloc(macro_extnames->macro_extname,

+			cli_realloc2(macro_extnames->macro_extname,

 				sizeof(macro_extname_t) * macro_extnames->count);

 		if (macro_extnames->macro_extname == NULL) {

 			cli_dbgmsg("read macro_extnames failed\n");