[PATCH 6/7] lib/math.c: Fix possible crash

Alexander Shiyan shc_work at mail.ru
Sat Feb 15 23:40:49 EST 2014


Crash can be caused if xzalloc() for "numstack" fails.

Signed-off-by: Alexander Shiyan <shc_work at mail.ru>
---
 lib/math.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/lib/math.c b/lib/math.c
index a4731ed..1e3ee85 100644
--- a/lib/math.c
+++ b/lib/math.c
@@ -543,11 +543,11 @@ static arith_t evaluate_string(arith_state_t *math_state, const char *expr)
 	/* Stack of operator tokens */
 	operator *const stack = xzalloc(expr_len * sizeof(stack[0]));
 	operator *stackptr = stack;
-	arith_t result;
+	arith_t result = -1;
 
 	if (numstack == NULL || stack == NULL) {
 		errmsg = "out of memory";
-		goto err_with_custom_msg;
+		goto ret;
 	}
 
 	/* Start with a left paren */
@@ -565,7 +565,7 @@ static arith_t evaluate_string(arith_state_t *math_state, const char *expr)
 		if (arithval == '\0') {
 			if (expr == start_expr) {
 				/* Null expression */
-				numstack->val = 0;
+				result = numstack->val;
 				goto ret;
 			}
 
@@ -596,6 +596,7 @@ static arith_t evaluate_string(arith_state_t *math_state, const char *expr)
 				free(numstack->var);
 				numstack->var = NULL;
 			}
+			result = numstack->val;
 			goto ret;
 		}
 
@@ -733,7 +734,7 @@ static arith_t evaluate_string(arith_state_t *math_state, const char *expr)
 				}
 				errmsg = arith_apply(math_state, prev_op, numstack, &numstackptr);
 				if (errmsg)
-					goto err_with_custom_msg;
+					goto ret;
 			}
 			if (op == TOK_RPAREN)
 				goto err;
@@ -746,10 +747,7 @@ next: ;
 
 err:
 	errmsg = "arithmetic syntax error";
-err_with_custom_msg:
-	result = -1;
 ret:
-	result = numstack->val;
 	free(stack);
 	free(numstack);
 	math_state->errmsg = errmsg;
-- 
1.8.3.2




More information about the barebox mailing list