From 4c3b2bc4b5fc40cc24f59d39cefc8f965ff4950c Mon Sep 17 00:00:00 2001
From: Michael Jerris
Date: Fri, 15 May 2009 16:05:15 +0000
Subject: [PATCH] Wed May 13 10:50:41 CDT 2009 Pekka Pessi * msg: fixed possible leak in msg_params_d() with more than 16 params Ignore-this: a45ef326def7b1bcd14de4850f3c24ab Coverity issue.
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@13336 d0543943-73ff-0310-b7d9-9358b9ac24b2
---
 libs/sofia-sip/.update | 2 +-
 .../libsofia-sip-ua/msg/msg_parser_util.c | 16 ++++++++------
 libs/sofia-sip/libsofia-sip-ua/msg/test_msg.c | 21 +++++++++++++++++++
 3 files changed, 32 insertions(+), 7 deletions(-)
diff --git a/libs/sofia-sip/.update b/libs/sofia-sip/.update
index c91d139a7f..8ff303cd62 100644
--- a/libs/sofia-sip/.update
+++ b/libs/sofia-sip/.update
@@ -1 +1 @@
-Fri May 15 11:04:08 CDT 2009
+Fri May 15 11:04:52 CDT 2009
diff --git a/libs/sofia-sip/libsofia-sip-ua/msg/msg_parser_util.c b/libs/sofia-sip/libsofia-sip-ua/msg/msg_parser_util.c
index 5d8e9df8e9..5dd5cf1a95 100644
--- a/libs/sofia-sip/libsofia-sip-ua/msg/msg_parser_util.c
+++ b/libs/sofia-sip/libsofia-sip-ua/msg/msg_parser_util.c
@@ -415,12 +415,14 @@ issize_t msg_avlist_d(su_home_t *home,
 if (n == N) {
 /* Reallocate params */
- char **nparams = su_alloc(home,
- (N = MSG_PARAMS_NUM(N + 1)) * sizeof(*params));
+ char const **nparams = su_realloc(home, params != stack ? params : NULL,
+ (N = MSG_PARAMS_NUM(N + 1)) * sizeof(*params));
 if (!nparams) {
 goto error;
 }
- params = memcpy(nparams, params, n * sizeof(*params));
+ if (params == stack)
+ memcpy(nparams, stack, n * sizeof(*params));
+ params = nparams;
 }
 params[n++] = p;
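Review bot: In the `@@ -415` hunk of msg_avlist_d(), `N` is overwritten inside the su_realloc() argument list, so when the allocation fails and control jumps to `error`, `N` already holds the enlarged capacity while `params` still points at the old, smaller array. Compute the new capacity into a local first and commit it only on success: pass `newN * sizeof(*params)` with `newN = MSG_PARAMS_NUM(N + 1)` to su_realloc(), and set `N = newN;` after the `!nparams` check. The identical block in the `@@ -441` hunk needs the same change, and since the parameter count comes from the parsed input, the two copies would be safer to maintain as one static helper. The `error` label and the declarations of `N`, `params` and `stack` are outside both hunks, so whether the failure path reads `N` or frees a heap-allocated `params` could not be checked here.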
@@ -441,12 +443,14 @@ issize_t msg_avlist_d(su_home_t *home,
 } else if (n == N) {
 /* Reallocate params */
- char **nparams = su_alloc(home,
- (N = MSG_PARAMS_NUM(N + 1)) * sizeof(*params));
+ char const **nparams = su_realloc(home, params != stack ? params : NULL,
+ (N = MSG_PARAMS_NUM(N + 1)) * sizeof(*params));
 if (!nparams) {
 goto error;
 }
- params = memcpy(nparams, params, n * sizeof(*params));
+ if (params == stack)
+ memcpy(nparams, stack, n * sizeof(*params));
+ params = nparams;
 }
 params[n] = NULL;
diff --git a/libs/sofia-sip/libsofia-sip-ua/msg/test_msg.c b/libs/sofia-sip/libsofia-sip-ua/msg/test_msg.c
index d5c1d5bcf0..0bff6a993b 100644
--- a/libs/sofia-sip/libsofia-sip-ua/msg/test_msg.c
+++ b/libs/sofia-sip/libsofia-sip-ua/msg/test_msg.c
@@ -285,6 +285,24 @@ int test_header_parsing(void)
 su_free(home, (void *)p), p = NULL;
 }
+ master = ";0";
+
+ for (i = 1; i < 256; i++) {
+ master = su_sprintf(home, "%s; %u", master, i); TEST_1(master);
+ list = end = su_strdup(home, master);
+ TEST_1(msg_params_d(NULL, &end, &p) >= 0);
+ TEST_S(end, "");
+ TEST_1(p);
+ for (j = 0; j <= i; j++) {
+ char number[10];
+ snprintf(number, sizeof number, "%u", j);
+ TEST_S(p[j], number);
+ }
+ TEST_1(p[i + 1] == NULL);
+ su_free(home, list);
+ su_free(NULL, (void *)p), p = NULL;
+ }
+
 su_home_deinit(home);
 }
@@ -722,6 +740,8 @@ int test_msg_parsing(void)
 TEST(msg_serialize(msg, (msg_pub_t *)tst), 0);
 }
+ msg_destroy(msg);
+
 /* Bug #2429 */
 orig = read_msg("GET a-life HTTP/1.1" CRLF
 "Foo: bar" CRLF
@@ -734,6 +754,7 @@ int test_msg_parsing(void)
 TEST_1(otst);
 msg = msg_copy(orig);
+ msg_destroy(orig);
 tst = msg_test_public(msg);
 TEST_1(tst);
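Review bot: In the `@@ -285` hunk of test_header_parsing(), the result of `su_strdup(home, master)` is handed to msg_params_d() without a check, unlike the su_sprintf() result on the line before; add `TEST_1(list);` right after `list = end = su_strdup(home, master);`. The loop confirms that lists of 2 to 256 parameters parse correctly, but nothing in it observes allocations, so the leak this commit fixes is only caught when the test runs under a leak checker. A comment saying so would help, for example `/* grows params past the on-stack array; run under a leak checker to catch regressions */`. The `%u` conversions are applied to `i` and `j`, whose declarations are outside the hunk, so confirm that both are unsigned.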
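Review bot: After `msg_destroy(msg);` in the `@@ -722` hunk and `msg_destroy(orig);` in the `@@ -734` hunk, the destroyed handles and the pointers taken from them (`tst`, and `otst`, which appears to come from `orig`) stay non-NULL, so a later use in test_msg_parsing() would touch released memory without the test noticing. The file already clears pointers on release (`su_free(NULL, (void *)p), p = NULL;`), and the same idiom fits here: `msg_destroy(orig), orig = NULL, otst = NULL;`. In the `@@ -734` hunk `orig` is released immediately after `msg_copy(orig)` and before the copy is checked, which is safe only if the copy keeps alive whatever it shares with the original; that is not visible here. The function continues past both hunks.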