Skip to content

Commit

Permalink
Fix null pointer dereference
Browse files Browse the repository at this point in the history 
As reported by honggfuzz
  • Loading branch information
@tbeu
tbeu committed Nov 25, 2017
1 parent a55b9c2 commit a32481e
Showing 1 changed file with 8 additions and 5 deletions.
13 changes: 8 additions & 5 deletions src/mat5.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1585,9 +1585,10 @@ ReadNextStructField( mat_t *mat, matvar_t *matvar )
(char**)calloc(nfields,sizeof(*matvar->internal->fieldnames));
for ( i = 0; i < nfields; i++ ) {
matvar->internal->fieldnames[i] = (char*)malloc(fieldname_size);
memcpy(matvar->internal->fieldnames[i],ptr+i*fieldname_size,
fieldname_size);
matvar->internal->fieldnames[i][fieldname_size-1] = '\0';
if ( NULL != matvar->internal->fieldnames[i] ) {
memcpy(matvar->internal->fieldnames[i], ptr+i*fieldname_size, fieldname_size);
matvar->internal->fieldnames[i][fieldname_size-1] = '\0';
}
}
free(ptr);
} else {
Expand Down Expand Up @@ -1759,8 +1760,10 @@ ReadNextStructField( mat_t *mat, matvar_t *matvar )
(char**)calloc(nfields,sizeof(*matvar->internal->fieldnames));
for ( i = 0; i < nfields; i++ ) {
matvar->internal->fieldnames[i] = (char*)malloc(fieldname_size);
bytesread+=fread(matvar->internal->fieldnames[i],1,fieldname_size,(FILE*)mat->fp);
matvar->internal->fieldnames[i][fieldname_size-1] = '\0';
if ( NULL != matvar->internal->fieldnames[i] ) {
bytesread+=fread(matvar->internal->fieldnames[i],1,fieldname_size,(FILE*)mat->fp);
matvar->internal->fieldnames[i][fieldname_size-1] = '\0';
}
}
} else {
matvar->internal->num_fields = 0;
Expand Down

0 comments on commit a32481e

Please sign in to comment.