From e60ad47677c1d79cb8f09b25f4f5d8246514b096 Mon Sep 17 00:00:00 2001
From: Federico Mena Quintero
Date: Thu, 25 Feb 2016 11:37:00 -0600
Subject: [PATCH 1/5] [fix] Check return of malloc() in trie.c
---
 src/trie.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/trie.c b/src/trie.c
index 40d8e652..a1fbaf70 100644
--- a/src/trie.c
+++ b/src/trie.c
@@ -1037,6 +1037,9 @@ trie_t *trie_read(FILE *file) {
 unsigned char *buf;
 size_t buf_size = num_nodes * sizeof(uint32_t) * 2;
 buf = malloc(buf_size);
+ if (buf == NULL) {
+ goto exit_trie_created;
+ }
 unsigned char *buf_ptr;
From 10c6768b5b5d28672a3c7be7716fd09c764b20e0 Mon Sep 17 00:00:00 2001
From: Federico Mena Quintero
Date: Thu, 25 Feb 2016 11:38:28 -0600
Subject: [PATCH 2/5] [fix] Don't leak the trie if the number of nodes can't be read from a file
---
 src/trie.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/trie.c b/src/trie.c
index a1fbaf70..a2bb15ef 100644
--- a/src/trie.c
+++ b/src/trie.c
@@ -1016,7 +1016,7 @@ trie_t *trie_read(FILE *file) {
 uint32_t num_keys;
 if (!file_read_uint32(file, &num_keys)) {
- goto exit_file_read;
+ goto exit_trie_created;
 }
 trie->num_keys = num_keys;
From b172071d3b51fb2a8c723a3e284fc916e21cadef Mon Sep 17 00:00:00 2001
From: Federico Mena Quintero
Date: Thu, 25 Feb 2016 11:42:50 -0600
Subject: [PATCH 3/5] [fix] Remove superfluous #define; the caller actually uses sizeof(DEFAULT_ALPHABET) itself
---
 src/trie.c | 2 --
 1 file changed, 2 deletions(-)
diff --git a/src/trie.c b/src/trie.c
index a2bb15ef..f9206de8 100644
--- a/src/trie.c
+++ b/src/trie.c
@@ -26,8 +26,6 @@ uint8_t DEFAULT_ALPHABET[] = {
 13, 17, 21, 25, 29, 210, 214, 93, 222, 234, 238, 242, 246, 250, 125, 255
 };
-#define DEFAULT_ALPHABET_SIZE sizeof(DEFAULT_ALPHABET)
-
 /* Constructors
From 2ae2450db7956c7d14e8ca36f003ef2c620b0b43 Mon Sep 17 00:00:00 2001
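Review bot: In the `trie_read` hunk of patch 1/5 (src/trie.c), the allocation size `num_nodes * sizeof(uint32_t) * 2` is computed without an overflow guard, and the added NULL check cannot detect a product that has wrapped to a small value. `num_nodes` is declared outside the hunk and appears to be read from the input file, so on a target where `size_t` is only 32 bits a large count could produce an undersized `buf` that later code may write past. I would reject such counts before the `malloc`, e.g. `if (num_nodes > SIZE_MAX / (2 * sizeof(uint32_t))) { goto exit_trie_created; }`. A count of zero is also worth a decision, since `malloc(0)` may return NULL and would now take the error path. The rest of `trie_read`, including the `exit_trie_created` label, lies outside the hunk.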
From: Federico Mena Quintero
Date: Thu, 25 Feb 2016 14:33:18 -0600
Subject: [PATCH 4/5] [fix] Check the return of malloc() in numex.c
---
 src/numex.c | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/src/numex.c b/src/numex.c
index 661b1b4a..7fa7fca7 100644
--- a/src/numex.c
+++ b/src/numex.c
@@ -146,6 +146,9 @@ static numex_language_t *numex_language_read(FILE *f) {
 }
 char *name = malloc(lang_name_len);
+ if (name == NULL) {
+ return NULL;
+ }
 if (!file_read_chars(f, name, lang_name_len)) {
 return NULL;
@@ -326,6 +329,9 @@ static ordinal_indicator_t *ordinal_indicator_read(FILE *f) {
 }
 char *key = malloc(key_len);
+ if (key == NULL) {
+ return NULL;
+ }
 if (!file_read_chars(f, key, key_len)) {
 return NULL;
@@ -347,6 +353,9 @@ static ordinal_indicator_t *ordinal_indicator_read(FILE *f) {
 }
 char *ordinal_suffix = malloc(ordinal_suffix_len);
+ if (ordinal_suffix == NULL) {
+ return NULL;
+ }
 if (!file_read_chars(f, ordinal_suffix, ordinal_suffix_len)) {
 return NULL;
From 4eac38c40c38a0edd6b0c0165331d47e4ed4a99f Mon Sep 17 00:00:00 2001
From: Federico Mena Quintero
Date: Thu, 25 Feb 2016 14:52:12 -0600
Subject: [PATCH 5/5] [fix] Check the return of malloc() in geonames.c
---
 src/geonames.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
diff --git a/src/geonames.c b/src/geonames.c
index 73b3db32..1bf9e42f 100644
--- a/src/geonames.c
+++ b/src/geonames.c
@@ -23,6 +23,10 @@
 */
 geoname_t *geoname_new(void) {
 geoname_t *self = malloc(sizeof(geoname_t));
+ if (self == NULL) {
+ return NULL;
+ }
+
 self->name = char_array_new_size(GEONAMES_NAME_DEFAULT_LENGTH);
 self->canonical = char_array_new_size(GEONAMES_NAME_DEFAULT_LENGTH);
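Review bot: In the first src/numex.c hunk (`numex_language_read`, patch 4/5), the context line right after the new check still does a bare `return NULL;` when `file_read_chars(f, name, lang_name_len)` fails, which leaks the `name` buffer that was just allocated; that branch should be `free(name); return NULL;`. The two `ordinal_indicator_read` hunks have the same leak for `key` and `ordinal_suffix`, and the added `if (ordinal_suffix == NULL) { return NULL; }` would presumably also leak `key` if the function still owns it at that point (the code between the two hunks is not shown). The length values passed to `malloc` appear to come from the file being parsed, so an upper bound on them before allocating would be worth adding too. All three function bodies continue outside their hunks.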
@@ -36,6 +40,14 @@ geoname_t *geoname_new(void) {
 self->admin3_code = char_array_new_size(GEONAMES_ADMIN3_CODE_DEFAULT_LENGTH);
 self->admin4_code = char_array_new_size(GEONAMES_ADMIN4_CODE_DEFAULT_LENGTH);
+ if (!(self->name && self->canonical && self->iso_language
+ && self->feature_code && self->country_code
+ && self->admin1_code && self->admin2_code
+ && self->admin3_code && self->admin4_code)) {
+ geoname_destroy(self);
+ return NULL;
+ }
+
 return self;
 }
@@ -273,6 +285,10 @@ void geoname_print(geoname_t *self) {
 gn_postal_code_t *gn_postal_code_new(void) {
 gn_postal_code_t *self = malloc(sizeof(gn_postal_code_t));
+ if (self == NULL) {
+ return NULL;
+ }
+
 self->postal_code = char_array_new_size(GEONAMES_POSTAL_CODE_DEFAULT_LENGTH);
 self->country_code = char_array_new_size(GEONAMES_COUNTRY_CODE_DEFAULT_LENGTH);
 self->containing_geoname = char_array_new_size(GEONAMES_NAME_DEFAULT_LENGTH);
@@ -284,6 +300,12 @@ gn_postal_code_t *gn_postal_code_new(void) {
 self->admin2_ids = uint32_array_new_size(GEONAMES_POSTAL_ADMIN2_IDS_DEFAULT_LENGTH);
 self->admin3_ids = uint32_array_new_size(GEONAMES_POSTAL_ADMIN3_IDS_DEFAULT_LENGTH);
+ if (!(self->postal_code && self->country_code && self->containing_geoname
+ && self->admin1_ids && self->admin2_ids && self->admin3_ids)) {
+ gn_postal_code_destroy(self);
+ return NULL;
+ }
+
 return self;
 }
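Review bot: The new failure branch at the end of `geoname_new` (src/geonames.c, patch 5/5) calls `geoname_destroy(self)` on an object in which at least one member is NULL, and `geoname_destroy` is outside the diff, so it needs to be confirmed that it and the array destructors it uses accept NULL members; otherwise the out-of-memory path turns into a NULL dereference. Because `self` comes from `malloc`, any pointer member not assigned before this check would be indeterminate when the destructor runs; allocating with `calloc(1, sizeof(geoname_t))` would make the partially built state well defined. The same applies to `gn_postal_code_destroy(self)` in the last hunk (`gn_postal_code_new`). Callers of both constructors now have to handle a NULL return, which this patch does not show.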