libFLAC: Add function safe_realloc_()

The new function wraps, realloc() and if the realloc() fails, it
free()s the old pointer.

This is an improvement on the potential realloc() memory leak that
was fixed in 15a9062609.

Still needs fuzzing to validate it.

include/share/alloc.h

@@ -153,11 +153,21 @@ static inline void *safe_malloc_muladd2_(size_t size1, size_t size2, size_t size
 	return malloc(size1*size2);
 }
 
+static inline void *safe_realloc_(void *ptr, size_t size)
+{
+	void *oldptr = ptr;
+	void *newptr = realloc(ptr, size);
+	if(size > 0 && newptr == 0)
+		free(oldptr);
+	return newptr;
+}
 static inline void *safe_realloc_add_2op_(void *ptr, size_t size1, size_t size2)
 {
 	size2 += size1;
-	if(size2 < size1)
+	if(size2 < size1) {
+		free(ptr);
 		return 0;
+	}
 	return realloc(ptr, size2);
 }
 
@@ -192,7 +202,7 @@ static inline void *safe_realloc_mul_2op_(void *ptr, size_t size1, size_t size2)
 		return realloc(ptr, 0); /* preserve POSIX realloc(ptr, 0) semantics */
 	if(size1 > SIZE_MAX / size2)
 		return 0;
-	return realloc(ptr, size1*size2);
+	return safe_realloc_(ptr, size1*size2);
 }
 
 /* size1 * (size2 + size3) */

src/libFLAC/format.c

@@ -39,6 +39,7 @@
 #include <string.h> /* for memset() */
 #include "FLAC/assert.h"
 #include "FLAC/format.h"
+#include "share/alloc.h"
 #include "share/compat.h"
 #include "private/format.h"
 #include "private/macros.h"
@@ -573,17 +574,10 @@ FLAC__bool FLAC__format_entropy_coding_method_partitioned_rice_contents_ensure_s
 	FLAC__ASSERT(object->capacity_by_order > 0 || (0 == object->parameters && 0 == object->raw_bits));
 
 	if(object->capacity_by_order < max_partition_order) {
-		void *oldptr;
-		oldptr = object->parameters;
-		if(0 == (object->parameters = realloc(object->parameters, sizeof(unsigned)*(1 << max_partition_order)))) {
-			free(oldptr);
+		if(0 == (object->parameters = safe_realloc_(object->parameters, sizeof(unsigned)*(1 << max_partition_order))))
 			return false;
-		}
-		oldptr = object->raw_bits;
-		if(0 == (object->raw_bits = realloc(object->raw_bits, sizeof(unsigned)*(1 << max_partition_order)))) {
-			free(oldptr);
+		if(0 == (object->raw_bits = safe_realloc_(object->raw_bits, sizeof(unsigned)*(1 << max_partition_order))))
 			return false;
-		}
 		memset(object->raw_bits, 0, sizeof(unsigned)*(1 << max_partition_order));
 		object->capacity_by_order = max_partition_order;
 	}

src/libFLAC/md5.c

@@ -499,9 +499,8 @@ FLAC__bool FLAC__MD5Accumulate(FLAC__MD5Context *ctx, const FLAC__int32 * const
 		return false;
 
 	if (ctx->capacity < bytes_needed) {
-		FLAC__byte *tmp = realloc(ctx->internal_buf.p8, bytes_needed);
+		FLAC__byte *tmp = safe_realloc_(ctx->internal_buf.p8, bytes_needed);
 		if (0 == tmp) {
-			free(ctx->internal_buf.p8);
 			if (0 == (ctx->internal_buf.p8 = safe_malloc_(bytes_needed)))
 				return false;
 		}

src/libFLAC/metadata_object.c

@@ -954,13 +954,8 @@ FLAC_API FLAC__bool FLAC__metadata_object_seektable_resize_points(FLAC__StreamMe
 			free(object->data.seek_table.points);
 			object->data.seek_table.points = 0;
 		}
-		else {
-			void *oldptr = object->data.seek_table.points;
-			if(0 == (object->data.seek_table.points = realloc(object->data.seek_table.points, new_size))) {
-				free(oldptr);
-				return false;
-			}
-		}
+		else if(0 == (object->data.seek_table.points = safe_realloc_(object->data.seek_table.points, new_size)))
+			return false;
 
 		/* if growing, set new elements to placeholders */
 		if(new_size > old_size) {
@@ -1205,13 +1200,9 @@ FLAC_API FLAC__bool FLAC__metadata_object_vorbiscomment_resize_comments(FLAC__St
 			free(object->data.vorbis_comment.comments);
 			object->data.vorbis_comment.comments = 0;
 		}
-		else {
-			FLAC__StreamMetadata_VorbisComment_Entry *oldptr = object->data.vorbis_comment.comments;
-			if(0 == (object->data.vorbis_comment.comments = realloc(object->data.vorbis_comment.comments, new_size))) {
-				vorbiscomment_entry_array_delete_(oldptr, object->data.vorbis_comment.num_comments);
-				object->data.vorbis_comment.num_comments = 0;
-				return false;
-			}
+		else if(0 == (object->data.vorbis_comment.comments = safe_realloc_(object->data.vorbis_comment.comments, new_size))) {
+			object->data.vorbis_comment.num_comments = 0;
+			return false;
 		}
 
 		/* if growing, zero all the length/pointers of new elements */
@@ -1513,13 +1504,8 @@ FLAC_API FLAC__bool FLAC__metadata_object_cuesheet_track_resize_indices(FLAC__St
 			free(track->indices);
 			track->indices = 0;
 		}
-		else {
-			void *oldptr = track->indices;
-			if(0 == (track->indices = realloc(track->indices, new_size))) {
-				free(oldptr);
-				return false;
-			}
-		}
+		else if(0 == (track->indices = safe_realloc_(track->indices, new_size)))
+			return false;
 
 		/* if growing, zero all the lengths/pointers of new elements */
 		if(new_size > old_size)
@@ -1613,13 +1599,8 @@ FLAC_API FLAC__bool FLAC__metadata_object_cuesheet_resize_tracks(FLAC__StreamMet
 			free(object->data.cue_sheet.tracks);
 			object->data.cue_sheet.tracks = 0;
 		}
-		else {
-			void *oldptr = object->data.cue_sheet.tracks;
-			if(0 == (object->data.cue_sheet.tracks = realloc(object->data.cue_sheet.tracks, new_size))) {
-				free(oldptr);
-				return false;
-			}
-		}
+		else if(0 == (object->data.cue_sheet.tracks = safe_realloc_(object->data.cue_sheet.tracks, new_size)))
+			return false;
 
 		/* if growing, zero all the lengths/pointers of new elements */
 		if(new_size > old_size)

src/share/replaygain_analysis/replaygain_analysis.c

@@ -97,6 +97,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <math.h>
+#include "share/alloc.h"
 #include "share/compat.h"
 #include "share/replaygain_analysis.h"
 
@@ -339,13 +340,8 @@ CreateGainFilter ( long samplefreq )
 static void*
 ReallocateWindowBuffer(unsigned window_size, flac_float_t **window_buffer)
 {
-    void *p = realloc(
-        *window_buffer, sizeof(**window_buffer) * (window_size + MAX_ORDER));
-
-    if (p)
-        *window_buffer = p;
-
-    return p;
+    *window_buffer = safe_realloc_(*window_buffer, sizeof(**window_buffer) * (window_size + MAX_ORDER));
+    return *window_buffer;
 }
 
 static int