From 3964f0d0f6e2f4b4f42d5e81ce07a6d89ed340f1 Mon Sep 17 00:00:00 2001
From: ace20022 <ace20022@ymail.com>
Date: Thu, 26 Sep 2013 11:28:01 +0200
Subject: [cximage] Fix common realloc mistake: 'm_pBuffer' nulled but not
 freed upon failure in xmemfile.

---
 lib/cximage-6.0/CxImage/xmemfile.cpp | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/lib/cximage-6.0/CxImage/xmemfile.cpp b/lib/cximage-6.0/CxImage/xmemfile.cpp
index af8db945a3..5a72200238 100644
--- a/lib/cximage-6.0/CxImage/xmemfile.cpp
+++ b/lib/cximage-6.0/CxImage/xmemfile.cpp
@@ -186,9 +186,21 @@ bool CxMemFile::Alloc(DWORD dwNewLen)
 
 		// allocate new buffer
 		if (m_pBuffer == NULL) m_pBuffer = (BYTE*)malloc(dwNewBufferSize);
-		else	m_pBuffer = (BYTE*)realloc(m_pBuffer, dwNewBufferSize);
+		else
+		{
+			BYTE* new_buf = (BYTE*)realloc(m_pBuffer, dwNewBufferSize);
+			if (!new_buf)
+			{
+				free(m_pBuffer);
+				m_bFreeOnClose = false;
+				return false;
+			}
+			else
+				m_pBuffer = new_buf;
+		}
 		// I own this buffer now (caller knows nothing about it)
-		m_bFreeOnClose = true;
+		if (m_pBuffer)
+			m_bFreeOnClose = true;
 
 		m_Edge = dwNewBufferSize;
 	}
-- 
cgit v1.2.3