Fix memory allocation and release problems in the bfd documentation processor.

	* doc/chew.c (add_to_definition): Use correct type when
	calculating size of array reallocation.
	(nextword): Always initialise the word return parameter.
	(compile): Check return value of nextword().

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 78cbd51f92a7b69dbb682df3c47382cbcbd22491..3fcc985db1cafe21694b7c44ede8486001ba6ea3 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,10 @@
+2019-11-05  Tim Rühsen  <tim.ruehsen@gmx.de>
+
+       * doc/chew.c (add_to_definition): Use correct type when
+       calculating size of array reallocation.
+       (nextword): Always initialise the word return parameter.
+       (compile): Check return value of nextword().
+
 2019-10-30  Keith Seitz  <keiths@redhat.com>
 
        * elf-bfd.h (elf_backend_data) <elf_backend_core_find_build_id>:

diff --git a/bfd/doc/chew.c b/bfd/doc/chew.c
index ef5a22c2fa57f2cd794e512a96aedcd797cf361e..d436da650b85da109ca7002a4b9de16860758dd1 100644 (file)
--- a/bfd/doc/chew.c
+++ b/bfd/doc/chew.c
@@ -1167,7 +1167,10 @@ nextword (string, word)
        }
     }
   if (!*string)
-    return 0;
+    {
+      *word = NULL;
+      return NULL;
+    }
 
   word_start = string;
   if (*string == '"')
@@ -1225,7 +1228,7 @@ nextword (string, word)
   if (*string)
     return string + 1;
   else
-    return 0;
+    return NULL;
 }
 
 dict_type *root;
@@ -1243,7 +1246,7 @@ lookup_word (word)
     }
   if (warning)
     fprintf (stderr, "Can't find %s\n", word);
-  return 0;
+  return NULL;
 }
 
 static void
@@ -1276,7 +1279,7 @@ free_words (void)
 }
 
 static void
-perform ()
+perform (void)
 {
   tos = stack;
 
@@ -1333,7 +1336,7 @@ add_to_definition (entry, word)
       entry->code_length += 2;
       entry->code =
        (stinst_type *) realloc ((char *) (entry->code),
-                                entry->code_length * sizeof (word_type));
+                                entry->code_length * sizeof (stinst_type));
     }
   entry->code[entry->code_end] = word;
 
@@ -1374,6 +1377,8 @@ compile (string)
        {
          free (word);
          string = nextword (string, &word);
+         if (!string)
+           continue;
          add_var (word);
          string = nextword (string, &word);
        }
@@ -1384,8 +1389,16 @@ compile (string)
          /* Compile a word and add to dictionary.  */
          free (word);
          string = nextword (string, &word);
+         if (!string)
+           continue;
          ptr = newentry (word);
          string = nextword (string, &word);
+         if (!string)
+           {
+             free (ptr->code);
+             free (ptr);
+             continue;
+           }
          
          while (word[0] != ';')
            {
@@ -1423,7 +1436,6 @@ compile (string)
            }
          add_to_definition (ptr, 0);
          free (word);
-         word = NULL;
          string = nextword (string, &word);
        }
       else