Merge pull request #607 from AFLplusplus/dev

push to stable

1 files changed, 17 insertions, 5 deletions

diff --git a/include/alloc-inl.h b/include/alloc-inl.h
index d7aa51a7..68255fb6 100644
--- a/include/alloc-inl.h
+++ b/include/alloc-inl.h
@@ -636,7 +636,7 @@ struct afl_alloc_buf {
 
 #define AFL_ALLOC_SIZE_OFFSET (offsetof(struct afl_alloc_buf, buf))
 
-/* Returs the container element to this ptr */
+/* Returns the container element to this ptr */
 static inline struct afl_alloc_buf *afl_alloc_bufptr(void *buf) {
 
   return (struct afl_alloc_buf *)((u8 *)buf - AFL_ALLOC_SIZE_OFFSET);
@@ -694,12 +694,18 @@ static inline void *afl_realloc(void **buf, size_t size_needed) {
   }
 
   /* alloc */
-  new_buf = (struct afl_alloc_buf *)realloc(new_buf, next_size);
-  if (unlikely(!new_buf)) {
+  struct afl_alloc_buf *newer_buf =
+      (struct afl_alloc_buf *)realloc(new_buf, next_size);
+  if (unlikely(!newer_buf)) {
 
+    free(new_buf);  // avoid a leak
     *buf = NULL;
     return NULL;
 
+  } else {
+
+    new_buf = newer_buf;
+
   }
 
   new_buf->complete_size = next_size;
@@ -730,12 +736,18 @@ static inline void *afl_realloc_exact(void **buf, size_t size_needed) {
   if (unlikely(current_size == size_needed)) { return *buf; }
 
   /* alloc */
-  new_buf = (struct afl_alloc_buf *)realloc(new_buf, size_needed);
-  if (unlikely(!new_buf)) {
+  struct afl_alloc_buf *newer_buf =
+      (struct afl_alloc_buf *)realloc(new_buf, size_needed);
+  if (unlikely(!newer_buf)) {
 
+    free(new_buf);  // avoid a leak
     *buf = NULL;
     return NULL;
 
+  } else {
+
+    new_buf = newer_buf;
+
   }
 
   new_buf->complete_size = size_needed;