Prevent crashes and leaks on allocation failure (#606)

* Prevent crashes and leaks on allocation failure

Memory allocation can fail. We need to gracefully handle this case and
prevent dereferencing null pointers.

* Make NULL checks consistent within a file

* Properly report allocation errors

* Improve cleanup in pj_gc_reader.c

* Implement pj_strdup and use instead of strdup

The function strdup is not part of ANSI C 89, but a POSIX extension.
Therefore we can not rely on it being available on all platforms.

1 files changed, 6 insertions, 0 deletions

diff --git a/src/pj_init.c b/src/pj_init.c
index 951f1cfb..704a8b55 100644
--- a/src/pj_init.c
+++ b/src/pj_init.c
@@ -359,6 +359,8 @@ pj_init_plus_ctx( projCtx ctx, const char *definition )
 
     /* make a copy that we can manipulate */
     defn_copy = (char *) pj_malloc( strlen(definition)+1 );
+    if (!defn_copy)
+        return NULL;
     strcpy( defn_copy, definition );
 
     /* split into arguments based on '+' and trim white space */
@@ -453,10 +455,14 @@ pj_init_ctx(projCtx ctx, int argc, char **argv) {
     
     /* put arguments into internal linked list */
     start = curr = pj_mkparam(argv[0]);
+    if (!curr)
+        return pj_dealloc_params (ctx, start, ENOMEM);
 
     /* build parameter list and expand +init's. Does not take care of a single +init. */
     for (i = 1; i < argc; ++i) {
         curr->next = pj_mkparam(argv[i]);
+        if (!curr->next)
+            return pj_dealloc_params (ctx, start, ENOMEM);
 
         /* check if +init present */
         if (pj_param(ctx, curr, "tinit").i) {