--- service.c.orig 2012-12-21 16:51:42.112518239 -0800 +++ service.c 2012-12-22 07:11:24.950522079 -0800 @@ -331,6 +331,12 @@ mpm_new_argv->nalloc = mpm_new_argv->nelts + argc - 1; cmb_data = malloc(mpm_new_argv->nalloc * sizeof(const char *)); + if (cmb_data == NULL) { + /* the fprintf below should be replaced with the appropriate call to ap_log_error() */ + + fprintf(stderr, "Unable to allocate memory for cmb_data in service_nt_main_fn()\n"); + return; + } /* mpm_new_argv remains first (of lower significance) */ memcpy (cmb_data, mpm_new_argv->elts, @@ -351,6 +357,8 @@ SetEvent(ctx->service_init); WaitForSingleObject(ctx->service_term, INFINITE); + + free(cmd_data); /* release memory previously allocated by malloc() */ } @@ -454,6 +462,11 @@ */ args->nalloc = args->nelts + svc_args->nelts; cmb_data = malloc(args->nalloc * sizeof(const char *)); + if (cmb_data == NULL) { + /* the fprintf below should be replaced with the appropriate call to ap_log_error() */ + fprintf(stderr, "Unable to allocate memory for cmb_data in mpm_merge_service_args()\n"); + return; + } /* First three args (argv[0], -f, path) remain first */ memcpy(cmb_data, args->elts, args->elt_size * fixed_args); @@ -470,6 +483,8 @@ args->elts = (char *)cmb_data; args->nelts = args->nalloc; + free(cmb_data); /* release memory previously allocated by malloc() */ + return APR_SUCCESS; } @@ -786,6 +801,11 @@ } start_argv = malloc((argc + 1) * sizeof(const char **)); + if (start_argv == NULL) { + /* the fprintf below should be replaced with the appropriate call to ap_log_error() */ + fprintf(stderr, "Unable to allocate memory for start_argv in mpm_service_start()\n"); + return; + } memcpy(start_argv, argv, argc * sizeof(const char **)); start_argv[argc] = NULL; @@ -809,6 +829,8 @@ "%s: Failed to start the service process.", mpm_display_name); + free(start_argv); /* release memory previously allocated by malloc() */ + return rv; }