Fix buffer overflow in event dispatch

author: John-Mark Bell <jmb@netsurf-browser.org> 2012-11-11 15:22:33 +0000
committer: John-Mark Bell <jmb@netsurf-browser.org> 2012-11-11 15:22:33 +0000
commit: 77efdb615b56e66fcdd4fc49efac37a460196fc3 (patch)
tree: 9dfb19f325897842c12e8660e456c31d6067f220
parent: 3a53ac506c910bb3ec37c165713ba744649bf677 (diff)
download: libdom-77efdb615b56e66fcdd4fc49efac37a460196fc3.tar.gz
libdom-77efdb615b56e66fcdd4fc49efac37a460196fc3.tar.bz2
1 files changed, 6 insertions, 1 deletions
diff --git a/src/core/node.c b/src/core/node.c
index 702a145..c7794e6 100644
--- a/src/core/node.c
+++ b/src/core/node.c
@@ -2347,13 +2347,18 @@ dom_exception _dom_node_dispatch_event(dom_event_target *et,
 	ntargets = 0;
 	ntargets_allocated = 64;
 	targets = calloc(sizeof(*targets), ntargets_allocated);
+	if (targets == NULL) {
+		/** \todo Report memory exhaustion? */
+		return DOM_NO_ERR;
+	}
 	targets[ntargets++] = (dom_event_target *)dom_node_ref(et);
 	target = target->parent;
 
 	while (target != NULL) {
 		if (ntargets == ntargets_allocated) {
 			dom_event_target **newtargets = realloc(
-				targets, ntargets_allocated * 2);
+				targets,
+				ntargets_allocated * 2 * sizeof(*targets));
 			if (newtargets == NULL)
 				goto cleanup;
 			memset(newtargets + ntargets_allocated,
author	John-Mark Bell <jmb@netsurf-browser.org>	2012-11-11 15:22:33 +0000
committer	John-Mark Bell <jmb@netsurf-browser.org>	2012-11-11 15:22:33 +0000
commit	77efdb615b56e66fcdd4fc49efac37a460196fc3 (patch)
tree	9dfb19f325897842c12e8660e456c31d6067f220
parent	3a53ac506c910bb3ec37c165713ba744649bf677 (diff)
download	libdom-77efdb615b56e66fcdd4fc49efac37a460196fc3.tar.gz libdom-77efdb615b56e66fcdd4fc49efac37a460196fc3.tar.bz2