Fix memory allocation in libmu_imap

* libproto/imap/tag.c (_mu_imap_tag_incr): Fix size calculation when reallocating tag_buf (_mu_imap_tag_clr): Re-initialize members on error.

Fix memory allocation in libmu_imap
* libproto/imap/tag.c (_mu_imap_tag_incr): Fix size calculation when reallocating tag_buf (_mu_imap_tag_clr): Re-initialize members on error.
Sergey Poznyakoff
Commit c0920d67 ... c0920d67832b696e263bf20091b0652fe52491aa authored 2016-07-04 12:16:43 +0300 by Sergey Poznyakoff
Showing 1 changed file with 10 additions and 3 deletions
libproto/imap/tag.c
--- a/libproto/imap/tag.c
View file @c0920d6
+++ b/libproto/imap/tag.c
View file @c0920d6
@@ -35,11 +35,13 @@ _mu_imap_tag_incr (mu_imap_t imap)
      if (++i == imap->tag_len)
 	{
 	  char *sp;
-	  int *np = realloc (imap->tag_buf, imap->tag_len + 1);
+	  int *np = realloc (imap->tag_buf,
+			     (imap->tag_len + 1) * sizeof imap->tag_buf[0]);
 	  if (!np)
 	    return ENOMEM;
 	  imap->tag_buf = np;
-	  sp = realloc (imap->tag_str, imap->tag_len + 2);
+	  sp = realloc (imap->tag_str,
+			(imap->tag_len + 2) * sizeof imap->tag_str[0]);
 	  if (!sp)
 	    return ENOMEM;
 	  imap->tag_str = sp;
@@ -69,11 +71,16 @@ _mu_imap_tag_clr (mu_imap_t imap)
      imap->tag_len = 2;
      imap->tag_buf = calloc (imap->tag_len, sizeof (imap->tag_buf[0]));
      if (!imap->tag_buf)
-	return ENOMEM;
+	{
+	  imap->tag_len = 0;
+	  return ENOMEM;
+	}
      imap->tag_str = calloc (imap->tag_len + 1, sizeof (imap->tag_str[0]));
      if (!imap->tag_str)
 	{
 	  free (imap->tag_buf);
+	  imap->tag_buf = NULL;
+	  imap->tag_len = 0;
 	  return ENOMEM;
 	}
    }