diff options
author | John-Mark Bell <jmb@netsurf-browser.org> | 2012-11-11 15:22:33 +0000 |
---|---|---|
committer | John-Mark Bell <jmb@netsurf-browser.org> | 2012-11-11 15:22:33 +0000 |
commit | 77efdb615b56e66fcdd4fc49efac37a460196fc3 (patch) | |
tree | 9dfb19f325897842c12e8660e456c31d6067f220 | |
parent | 3a53ac506c910bb3ec37c165713ba744649bf677 (diff) | |
download | libdom-77efdb615b56e66fcdd4fc49efac37a460196fc3.tar.gz libdom-77efdb615b56e66fcdd4fc49efac37a460196fc3.tar.bz2 |
Fix buffer overflow in event dispatch
-rw-r--r-- | src/core/node.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/core/node.c b/src/core/node.c index 702a145..c7794e6 100644 --- a/src/core/node.c +++ b/src/core/node.c @@ -2347,13 +2347,18 @@ dom_exception _dom_node_dispatch_event(dom_event_target *et, ntargets = 0; ntargets_allocated = 64; targets = calloc(sizeof(*targets), ntargets_allocated); + if (targets == NULL) { + /** \todo Report memory exhaustion? */ + return DOM_NO_ERR; + } targets[ntargets++] = (dom_event_target *)dom_node_ref(et); target = target->parent; while (target != NULL) { if (ntargets == ntargets_allocated) { dom_event_target **newtargets = realloc( - targets, ntargets_allocated * 2); + targets, + ntargets_allocated * 2 * sizeof(*targets)); if (newtargets == NULL) goto cleanup; memset(newtargets + ntargets_allocated, |