diff options
author | John-Mark Bell <jmb@netsurf-browser.org> | 2012-11-11 15:22:33 +0000 |
---|---|---|
committer | John-Mark Bell <jmb@netsurf-browser.org> | 2012-11-11 15:22:33 +0000 |
commit | fbca5202226bd61eff58f5125ca6eed44c463771 (patch) | |
tree | 9dfb19f325897842c12e8660e456c31d6067f220 | |
parent | 49dcf7aee55358e7a1ac1920d710cb10a6ee127d (diff) | |
download | libdom-fbca5202226bd61eff58f5125ca6eed44c463771.tar.gz libdom-fbca5202226bd61eff58f5125ca6eed44c463771.tar.bz2 |
Fix buffer overflow in event dispatch
-rw-r--r-- | src/core/node.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/core/node.c b/src/core/node.c index 702a145..c7794e6 100644 --- a/src/core/node.c +++ b/src/core/node.c @@ -2347,13 +2347,18 @@ dom_exception _dom_node_dispatch_event(dom_event_target *et, ntargets = 0; ntargets_allocated = 64; targets = calloc(sizeof(*targets), ntargets_allocated); + if (targets == NULL) { + /** \todo Report memory exhaustion? */ + return DOM_NO_ERR; + } targets[ntargets++] = (dom_event_target *)dom_node_ref(et); target = target->parent; while (target != NULL) { if (ntargets == ntargets_allocated) { dom_event_target **newtargets = realloc( - targets, ntargets_allocated * 2); + targets, + ntargets_allocated * 2 * sizeof(*targets)); if (newtargets == NULL) goto cleanup; memset(newtargets + ntargets_allocated, |