fix lib OOM related leaks / issue & ENSURE_ARRAY_CAP + defensive raw *ptr

dawnlarsson · dawnlarsson · commit 08230773f62f · 2026-02-09T18:22:16.000+01:00
diff --git a/.github/test.c b/.github/test.c
@@ -12070,6 +12070,22 @@ void test_typeof_volatile_inner_zeroed(void)
 }
 #endif
 
+typedef int *IntPtr;
+void test_raw_star_ptr_decl(void)
+{
+    int x = 42;
+    {
+        defer (void)0;
+        raw IntPtr p;
+        p = &x;
+        CHECK_EQ(*p, 42, "raw typedef ptr declaration");
+
+        raw int *q;
+        q = &x;
+        CHECK_EQ(*q, 42, "raw int *q declaration");
+    }
+}
+
 void run_issue_validation_tests(void)
 {
     printf("\n=== ISSUE VALIDATION TESTS ===\n");
@@ -12116,6 +12132,7 @@ void run_issue_validation_tests(void)
     test_label_zeroinit_in_stmt_expr();
     test_typeof_volatile_inner_zeroed();
 #endif
+    test_raw_star_ptr_decl();
 }
 
 int main(void)
diff --git a/README.md b/README.md
@@ -5,7 +5,7 @@
 
 Prism is a lightweight and very fast transpiler that makes C safer without changing how you write it.
 
-- **1274 tests** — edge cases, control flow, nightmares, trying hard to break Prism
+- **1276 tests** — edge cases, control flow, nightmares, trying hard to break Prism
 - **Building Real C** — OpenSSL, SQLite, Bash, GNU Coreutils, Make, Curl
 - **Proper transpiler** — tracks typedefs, respects scope, catches unsafe patterns
 - **Opt-out features** Disable parts of the transpiler, like zero-init, with CLI flags
diff --git a/parse.c b/parse.c
@@ -78,15 +78,16 @@ static const uint8_t ident_char[256] = {
     {                                                          \
         if ((count) >= (cap))                                  \
         {                                                      \
-            int new_cap = (cap) == 0 ? (init_cap) : (cap) * 2; \
-            while (new_cap < (count))                          \
+            size_t new_cap = (cap) == 0 ? (init_cap) : (size_t)(cap) * 2; \
+            while (new_cap < (size_t)(count))                  \
                 new_cap *= 2;                                  \
             T *old_ptr_ = (arr);                               \
             T *tmp = realloc((arr), sizeof(T) * new_cap);      \
             if (!tmp)                                          \
             {                                                  \
                 free(old_ptr_);                                \
                 (arr) = NULL;                                  \
+                (cap) = 0;                                     \
                 error("out of memory");                        \
             }                                                  \
             (arr) = tmp;                                       \
@@ -1305,8 +1306,17 @@ static File *new_file(char *name, int file_no, char *contents)
 {
     File *file = calloc(1, sizeof(File));
     if (!file)
+    {
+        free(contents);
         error("out of memory");
+    }
     file->name = strdup(name);
+    if (!file->name)
+    {
+        free(contents);
+        free(file);
+        error("out of memory");
+    }
     file->display_name = file->name;
     file->file_no = file_no;
     file->contents = contents;
@@ -1660,12 +1670,16 @@ static Token *tokenize(File *file)
 // to avoid writing/reading temp files.
 static Token *tokenize_buffer(char *name, char *buf)
 {
-    if (!ctx->keyword_map.capacity)
-        init_keyword_map();
-
     if (!buf)
         return NULL;
 
+    // Init keyword map before new_file() takes ownership of buf.
+    // If init_keyword_map() fails (OOM → longjmp in lib mode), buf hasn't
+    // been stored yet, so the caller can still free it. By failing early
+    // here, we avoid leaking buf.
+    if (!ctx->keyword_map.capacity)
+        init_keyword_map();
+
     File *file = new_file(name, ctx->input_file_count, buf);
     add_input_file(file);
 
@@ -1717,9 +1731,12 @@ void tokenizer_teardown(bool full)
     else
         arena_reset(&ctx->main_arena);
     free_file_view_cache();
-    for (int i = 0; i < ctx->input_file_count; i++)
-        free_file(ctx->input_files[i]);
-    free(ctx->input_files);
+    if (ctx->input_files)
+    {
+        for (int i = 0; i < ctx->input_file_count; i++)
+            free_file(ctx->input_files[i]);
+        free(ctx->input_files);
+    }
     ctx->input_files = NULL;
     ctx->input_file_count = 0;
     ctx->input_file_capacity = 0;
diff --git a/prism.c b/prism.c
@@ -503,9 +503,12 @@ static void emit_system_includes(void)
 static void system_includes_reset(void)
 {
   hashmap_clear(&system_includes);
-  for (int i = 0; i < ctx->system_include_count; i++)
-    free(system_include_list[i]);
-  free(system_include_list);
+  if (system_include_list)
+  {
+      for (int i = 0; i < ctx->system_include_count; i++)
+          free(system_include_list[i]);
+      free(system_include_list);
+  }
   system_include_list = NULL;
   ctx->system_include_count = 0;
   system_include_capacity = 0;
@@ -2133,6 +2136,7 @@ static bool is_var_declaration(Token *type_end)
 static bool is_raw_declaration_context(Token *after_raw)
 {
   return after_raw && (is_type_keyword(after_raw) || is_known_typedef(after_raw) ||
+                       equal(after_raw, "*") ||
                        (after_raw->tag & (TT_QUALIFIER | TT_SUE)));
 }
 
@@ -2782,7 +2786,10 @@ typedef struct
 static inline void argv_builder_add(ArgvBuilder *ab, const char *arg)
 {
   ENSURE_ARRAY_CAP(ab->data, ab->count + 2, ab->capacity, 64, char *);
-  ab->data[ab->count++] = strdup(arg);
+  ab->data[ab->count] = strdup(arg);
+  if (!ab->data[ab->count])
+    error("out of memory");
+  ab->count++;
   ab->data[ab->count] = NULL;
 }
 #define argv_builder_finish(ab) ((ab)->data)
@@ -2940,21 +2947,12 @@ static int make_temp_file(char *buf, size_t bufsize, const char *prefix, int suf
     return -1;
   close(fd);
 #else
-  int fd = mkstemp(buf);
+  // Fallback: use mkstemps where available, otherwise mkstemp.
+  // mkstemps is widely available on any system that has mkstemp.
+  int fd = suffix_len > 0 ? mkstemps(buf, suffix_len) : mkstemp(buf);
   if (fd < 0)
     return -1;
   close(fd);
-  if (suffix_len > 0)
-  {
-    unlink(buf);
-    size_t len = strlen(buf);
-    if (len + suffix_len < bufsize)
-    {
-      buf[len] = '.';
-      buf[len + 1] = 'c';
-      buf[len + 2] = '\0';
-    }
-  }
 #endif
   return 0;
 }
@@ -3143,6 +3141,11 @@ static int transpile_tokens(Token *tok, FILE *fp);
 // This is the original interface used by the CLI and library API.
 static int transpile(char *input_file, char *output_file)
 {
+  // Ensure keyword map is initialized before allocating preprocessor buffer.
+  // If init fails (OOM → longjmp in lib mode), we haven't allocated pp_buf yet.
+  if (!ctx->keyword_map.capacity)
+    init_keyword_map();
+
   // Run system preprocessor via pipe — no temp files
   char *pp_buf = preprocess_with_cc(input_file);
   if (!pp_buf)
