diff options
| author | Kaz Kylheku <kaz@kylheku.com> | 2016-04-21 21:15:24 -0700 |
|---|---|---|
| committer | Kaz Kylheku <kaz@kylheku.com> | 2016-04-21 21:15:24 -0700 |
| commit | 368a4d05039d41eb31120f8624b9cf7037035d2e (patch) | |
| tree | 9b064ccd97c5cdc0c0d946ab6efde6a9b48375fe /stream.c | |
| parent | c2374487d235c08b71762d2ceb8645d18481c97f (diff) | |
| download | txr-368a4d05039d41eb31120f8624b9cf7037035d2e.tar.gz txr-368a4d05039d41eb31120f8624b9cf7037035d2e.tar.bz2 txr-368a4d05039d41eb31120f8624b9cf7037035d2e.zip | |
Strengthen against resource leaks upon exceptions.
* glob.c (glob_wrap): Perform argument conversions
that might throw before allocating UTF-8 string.
* parser.y (text): In the action for SPACE, the lexeme
is not needed so free($1) right away. If regex_compile
were to throw an exception, that lexeme will leak.
* socket.c (getaddrinfo_wrap): Harden against leakage of
node_u8 and service_u8 strings with an unwind block.
For instance, the hints structure could contain
bad values which cause addrinfo_in to throw.
* stream.c (make_string_byte_input_stream): Perform
possibly throwing argument conversions before allocating
resources.
* sysif.c (mkdir_wrap, mknod_wrap, chmod_wrap, symlink_wrap,
link_wrap, setenv_wrap, crypt_wrap): Likewise.
* syslog.c (openlog_wrap, syslog_wrapv): Likewise.
Diffstat (limited to 'stream.c')
| -rw-r--r-- | stream.c | 3 |
1 files changed, 2 insertions, 1 deletions
@@ -1690,9 +1690,10 @@ val make_string_byte_input_stream(val string) type_assert (stringp(string), (lit("~a is not a string"), string, nao)); { + const wchar_t *wstring = c_str(string); struct byte_input *bi = coerce(struct byte_input *, chk_malloc(sizeof *bi)); strm_base_init(&bi->a); - bi->buf = utf8_dup_to_buf(c_str(string), &bi->size, 0); + bi->buf = utf8_dup_to_buf(wstring, &bi->size, 0); bi->index = 0; return cobj(coerce(mem_t *, bi), stream_s, &byte_in_ops.cobj_ops); } |