From 3e242830b089e74e9bc35a0960757ea2b53d4a21 Mon Sep 17 00:00:00 2001 From: Danny Al-Gaaf Date: Wed, 14 May 2014 09:55:57 +0200 Subject: [PATCH] tools/gf_poly.c: fix undefined allocation of 0 bytes Due to man page of malloc the behaviour in case of allocation size of 0 bytes is undefined: "If size was equal to 0, either NULL or a pointer suitable to be passed to free() is returned" Fix for clang scan-build report: Unix API Undefined allocation of 0 bytes (CERT MEM04-C; CWE-131) 210 poly = (gf_general_t *) malloc(sizeof(gf_general_t)*(n+1)); 9 Call to 'malloc' has an allocation size of 0 bytes Signed-off-by: Danny Al-Gaaf --- tools/gf_poly.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tools/gf_poly.c b/tools/gf_poly.c index 44a24ac..b3faf25 100644 --- a/tools/gf_poly.c +++ b/tools/gf_poly.c @@ -52,6 +52,7 @@ #include #include #include +#include char *BM = "Bad Method: "; @@ -203,9 +204,14 @@ int main(int argc, char **argv) sprintf(string, "Argument '%s' not in proper format of power:coefficient\n", argv[i]); usage(string); } - if (power < 0) usage("Can't have negative powers\n"); - if (power > n) n = power; + if (power < 0) { + usage("Can't have negative powers\n"); + } else { + n = power; + } } + // in case the for-loop header fails + assert (n >= 0); poly = (gf_general_t *) malloc(sizeof(gf_general_t)*(n+1)); for (i = 0; i <= n; i++) gf_general_set_zero(poly+i, w);