Fix null pointer dereference in get_private_path_and_zero_file (Symbian)

* extra/symbian.cpp (GC_get_private_path_and_zero_file): Do not call
memcpy() if allocation of copyChar is failed.
* os_dep.c [MMAP_SUPPORTED && !USE_MMAP_ANON] (zero_fd): Initialize
global variable to -1 (instead of 0).
* os_dep.c [MMAP_SUPPORTED && !USE_MMAP_ANON && SYMBIAN]
(GC_unix_mmap_get_mem): Do not call open() and free() if path is NULL.

diff --git a/extra/symbian.cpp b/extra/symbian.cpp
index 1716c8871c3517fff54e544efd753740fcb9e4dc..2ec7afbbd337a1860c97f2aa69ba43595ccaabb1 100644 (file)
--- a/extra/symbian.cpp
+++ b/extra/symbian.cpp
@@ -43,7 +43,8 @@ char* GC_get_private_path_and_zero_file()
 
     size_t size = path8.Length() + 1;
     char* copyChar = (char*) malloc( size );
-    memcpy( copyChar, path8.PtrZ(), size );
+    if (copyChar)
+        memcpy( copyChar, path8.PtrZ(), size );
 
     return copyChar; // ownership passed
 }

diff --git a/os_dep.c b/os_dep.c
index 2e1a962d4b50a5f70d49ad733d96607232b39bf9..011d656d88814ede97750cc2fe4086b506bee162 100644 (file)
--- a/os_dep.c
+++ b/os_dep.c
@@ -2135,7 +2135,7 @@ void GC_register_data_segments(void)
 #   define OPT_MAP_ANON MAP_ANON
 # endif
 #else
-  static int zero_fd;
+  static int zero_fd = -1;
 # define OPT_MAP_ANON 0
 #endif
 
@@ -2165,8 +2165,10 @@ void GC_register_data_segments(void)
       if (!EXPECT(initialized, TRUE)) {
 #       ifdef SYMBIAN
           char *path = GC_get_private_path_and_zero_file();
-          zero_fd = open(path, O_RDWR | O_CREAT, 0666);
-          free(path);
+          if (path != NULL) {
+            zero_fd = open(path, O_RDWR | O_CREAT, 0666);
+            free(path);
+          }
 #       else
           zero_fd = open("/dev/zero", O_RDONLY);
 #       endif