From 831962e3b32777573f3818c0917e7592bf3b462f Mon Sep 17 00:00:00 2001
From: Hubert Verstraete
Date: Tue, 28 Jun 2016 22:44:26 +0200
Subject: [PATCH] CLEANUP: fixed some usages of realloc leading to memory leak
Changed all the cases where the pointer passed to realloc is overwritten by the pointer returned by realloc. The new function my_realloc2 has been used except in function register_name. If register_name fails to add a new variable because of an "out of memory" error, all the existing variables remain valid. If we had used my_realloc2, the array of variables would have been freed.
---
 src/cfgparse.c | 16 ++++++++--------
 src/chunk.c | 5 +++--
 src/standard.c | 4 ++--
 src/vars.c | 10 ++++++----
 4 files changed, 19 insertions(+), 16 deletions(-)
diff --git a/src/cfgparse.c b/src/cfgparse.c
index d9afd843f..4e4775a6e 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -1592,10 +1592,10 @@ int cfg_parse_global(const char *file, int linenum, char **args, int kwm)
 if (logsrv->maxlen > global.max_syslog_len) {
 global.max_syslog_len = logsrv->maxlen;
- logheader = realloc(logheader, global.max_syslog_len + 1);
- logheader_rfc5424 = realloc(logheader_rfc5424, global.max_syslog_len + 1);
- logline = realloc(logline, global.max_syslog_len + 1);
- logline_rfc5424 = realloc(logline_rfc5424, global.max_syslog_len + 1);
+ logheader = my_realloc2(logheader, global.max_syslog_len + 1);
+ logheader_rfc5424 = my_realloc2(logheader_rfc5424, global.max_syslog_len + 1);
+ logline = my_realloc2(logline, global.max_syslog_len + 1);
+ logline_rfc5424 = my_realloc2(logline_rfc5424, global.max_syslog_len + 1);
 }
 /* after the length, a format may be specified */
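Review bot: The four `my_realloc2()` results in the `if (logsrv->maxlen > global.max_syslog_len)` block are stored without a NULL check, and `global.max_syslog_len` has already been raised by that point. According to the commit message my_realloc2 frees the old buffer on failure, so an out-of-memory condition here leaves the log buffers NULL, with a recorded length that says otherwise, for whatever code uses them later instead of failing the configuration parse. A guard such as `if (!logheader || !logheader_rfc5424 || !logline || !logline_rfc5424)` that reports the error through the function's usual error path would close this. The identical block in the hunk at `@@ -6078,10` needs the same check. cfg_parse_global starts and ends outside the hunk.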
@@ -6078,10 +6078,10 @@ stats_error_parsing:
 if (logsrv->maxlen > global.max_syslog_len) {
 global.max_syslog_len = logsrv->maxlen;
- logheader = realloc(logheader, global.max_syslog_len + 1);
- logheader_rfc5424 = realloc(logheader_rfc5424, global.max_syslog_len + 1);
- logline = realloc(logline, global.max_syslog_len + 1);
- logline_rfc5424 = realloc(logline_rfc5424, global.max_syslog_len + 1);
+ logheader = my_realloc2(logheader, global.max_syslog_len + 1);
+ logheader_rfc5424 = my_realloc2(logheader_rfc5424, global.max_syslog_len + 1);
+ logline = my_realloc2(logline, global.max_syslog_len + 1);
+ logline_rfc5424 = my_realloc2(logline_rfc5424, global.max_syslog_len + 1);
 }
 /* after the length, a format may be specified */
diff --git a/src/chunk.c b/src/chunk.c
index e2511076b..7134fead3 100644
--- a/src/chunk.c
+++ b/src/chunk.c
@@ -17,6 +17,7 @@
 #include
 #include
+#include
 /* trash chunks used for various conversions */
 static struct chunk *trash_chunk;
@@ -60,8 +61,8 @@ struct chunk *get_trash_chunk(void)
 int alloc_trash_buffers(int bufsize)
 {
 trash_size = bufsize;
- trash_buf1 = (char *)realloc(trash_buf1, bufsize);
- trash_buf2 = (char *)realloc(trash_buf2, bufsize);
+ trash_buf1 = (char *)my_realloc2(trash_buf1, bufsize);
+ trash_buf2 = (char *)my_realloc2(trash_buf2, bufsize);
 return trash_buf1 && trash_buf2;
 }
diff --git a/src/standard.c b/src/standard.c
index cfed94d24..c9f68b544 100644
--- a/src/standard.c
+++ b/src/standard.c
@@ -3104,7 +3104,7 @@ char *memprintf(char **out, const char *format, ...)
 }
 allocated = needed + 1;
- ret = realloc(ret, allocated);
+ ret = my_realloc2(ret, allocated);
 } while (ret);
 if (needed < 0) {
@@ -3252,7 +3252,7 @@ char *env_expand(char *in)
 val_len = value ? strlen(value) : 0;
 }
- out = realloc(out, out_len + (txt_end - txt_beg) + val_len + 1);
+ out = my_realloc2(out, out_len + (txt_end - txt_beg) + val_len + 1);
 if (txt_end > txt_beg) {
 memcpy(out + out_len, txt_beg, txt_end - txt_beg);
 out_len += txt_end - txt_beg;
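Review bot: `trash_size = bufsize;` in alloc_trash_buffers is assigned before either allocation is known to have succeeded, so when the function returns 0 the recorded size no longer matches the buffers. The failed buffer is NULL (and its old storage freed, per the commit message's description of my_realloc2), while the other one may still be allocated at the new size. Assigning `trash_size` only once `trash_buf1 && trash_buf2` holds, or stating in a comment that a zero return must be treated as fatal by every caller, would keep a later user of the trash chunks from trusting a stale size. `bufsize` is also a signed `int` that is converted to the allocator's size argument without a range check, so a comment or a `bufsize <= 0` guard is worth adding.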
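Review bot: The result of `my_realloc2()` in env_expand is handed to `memcpy(out + out_len, txt_beg, txt_end - txt_beg)` on the following lines without a NULL check, so an allocation failure becomes a write through a near-NULL pointer. With my_realloc2 the old buffer is already freed on that path, so nothing leaks, but the function still needs an `if (!out)` bail-out before the copy. env_expand begins and ends outside the hunk, so any cleanup it performs on `in` at its normal exit would have to be repeated on that early exit.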
diff --git a/src/vars.c b/src/vars.c
index d79f317b9..56fade5d9 100644
--- a/src/vars.c
+++ b/src/vars.c
@@ -151,6 +151,7 @@ void vars_init(struct vars *vars, enum vars_scope scope)
 static char *register_name(const char *name, int len, enum vars_scope *scope, char **err)
 {
 int i;
+ char **var_names2;
 const char *tmp;
 /* Check length. */
@@ -191,13 +192,14 @@ static char *register_name(const char *name, int len, enum vars_scope *scope, ch
 if (strncmp(var_names[i], name, len) == 0)
 return var_names[i];
- /* Store variable name. */
- var_names_nb++;
- var_names = realloc(var_names, var_names_nb * sizeof(*var_names));
- if (!var_names) {
+ /* Store variable name. If realloc fails, var_names remains valid */
+ var_names2 = realloc(var_names, (var_names_nb + 1) * sizeof(*var_names));
+ if (!var_names2) {
 memprintf(err, "out of memory error");
 return NULL;
 }
+ var_names_nb++;
+ var_names = var_names2;
 var_names[var_names_nb - 1] = malloc(len + 1);
 if (!var_names[var_names_nb - 1]) {
 memprintf(err, "out of memory error");
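Review bot: `var_names_nb++` still runs before the `malloc(len + 1)` for the name itself, so if that malloc fails the array keeps a counted slot whose pointer is NULL, unless the failure branch (cut off at the end of the hunk) undoes the increment. The lookup at the top of the hunk passes `var_names[i]` to `strncmp()`, which would dereference that NULL entry on a later registration. Allocating into `var_names[var_names_nb]` and doing `var_names_nb++` only after the malloc check passes keeps the array consistent on both failure paths, which is the guarantee the new comment promises. register_name starts and ends outside the hunk.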