Fix buffer overflow in event dispatch

author: John-Mark Bell <jmb@netsurf-browser.org> 2012-11-11 15:22:33 +0000
committer: John-Mark Bell <jmb@netsurf-browser.org> 2012-11-11 15:22:33 +0000
commit: fbca5202226bd61eff58f5125ca6eed44c463771 (patch)
tree: 9dfb19f325897842c12e8660e456c31d6067f220
parent: 49dcf7aee55358e7a1ac1920d710cb10a6ee127d (diff)
download: libdom-fbca5202226bd61eff58f5125ca6eed44c463771.tar.gz
libdom-fbca5202226bd61eff58f5125ca6eed44c463771.tar.bz2
1 files changed, 6 insertions, 1 deletions
diff --git a/src/core/node.c b/src/core/node.c
index 702a145..c7794e6 100644
--- a/src/core/node.c
+++ b/src/core/node.c
@@ -2347,13 +2347,18 @@ dom_exception _dom_node_dispatch_event(dom_event_target *et,
 	ntargets = 0;
 	ntargets_allocated = 64;
 	targets = calloc(sizeof(*targets), ntargets_allocated);
+	if (targets == NULL) {
+		/** \todo Report memory exhaustion? */
+		return DOM_NO_ERR;
+	}
 	targets[ntargets++] = (dom_event_target *)dom_node_ref(et);
 	target = target->parent;
 
 	while (target != NULL) {
 		if (ntargets == ntargets_allocated) {
 			dom_event_target **newtargets = realloc(
-				targets, ntargets_allocated * 2);
+				targets,
+				ntargets_allocated * 2 * sizeof(*targets));
 			if (newtargets == NULL)
 				goto cleanup;
 			memset(newtargets + ntargets_allocated,
author	John-Mark Bell <jmb@netsurf-browser.org>	2012-11-11 15:22:33 +0000
committer	John-Mark Bell <jmb@netsurf-browser.org>	2012-11-11 15:22:33 +0000
commit	fbca5202226bd61eff58f5125ca6eed44c463771 (patch)
tree	9dfb19f325897842c12e8660e456c31d6067f220
parent	49dcf7aee55358e7a1ac1920d710cb10a6ee127d (diff)
download	libdom-fbca5202226bd61eff58f5125ca6eed44c463771.tar.gz libdom-fbca5202226bd61eff58f5125ca6eed44c463771.tar.bz2