From 14e94c2d401114171a4110faf23d23f3de87c7a1 Mon Sep 17 00:00:00 2001
From: Jim Garlick <garlick.jim@gmail.com>
Date: Fri, 20 Oct 2023 13:49:01 -0700
Subject: [PATCH] cron: handle ENOMEM without asserting

Problem: cronodate_create() calls xzmalloc() which asserts on
ENOMEM, but cronodate is used in a broker module, so asserting is
inappropriate.

Have cronodate_create() call cmalloc() and return NULL on failure.
Ensure the return value is checked all along the call path from the
cron broker module:

cron_entry_create()
 -> cron_datetime_create()
  -> datetime_entry_from_json()
   -> datetime_entry_create()
    -> cronodate_create()
---
 src/common/libutil/Makefile.am | 1 -
 src/common/libutil/cronodate.c | 7 ++++---
 src/modules/cron/datetime.c    | 9 ++++++++-
 3 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/src/common/libutil/Makefile.am b/src/common/libutil/Makefile.am
index 98d17ff68e8d..486730ef83d2 100644
--- a/src/common/libutil/Makefile.am
+++ b/src/common/libutil/Makefile.am
@@ -188,7 +188,6 @@ test_cronodate_t_LDADD = \
 	$(builddir)/cronodate.lo \
 	$(top_builddir)/src/common/libidset/libidset.la \
 	$(builddir)/veb.lo \
-	$(builddir)/xzmalloc.lo \
 	$(top_builddir)/src/common/libtap/libtap.la
 
 test_wallclock_t_SOURCES = test/wallclock.c
diff --git a/src/common/libutil/cronodate.c b/src/common/libutil/cronodate.c
index ea58f3413402..ffb2978e42de 100644
--- a/src/common/libutil/cronodate.c
+++ b/src/common/libutil/cronodate.c
@@ -20,7 +20,6 @@
 
 #include "src/common/libczmqcontainers/czmq_containers.h"
 #include "src/common/libidset/idset.h"
-#include "src/common/libutil/xzmalloc.h"
 #include "ccan/str/str.h"
 
 #include "cronodate.h"
@@ -178,9 +177,11 @@ void cronodate_destroy (cronodate_t *d)
 cronodate_t * cronodate_create ()
 {
     int i;
-    cronodate_t *d = xzmalloc (sizeof (*d));
+    cronodate_t *d;
+
+    if (!(d = calloc (1, sizeof (*d))))
+        return NULL;
 
-    memset (d, 0, sizeof (*d));
     for (i = 0; i < TM_MAX_ITEM; i++) {
         struct idset *n = idset_create (tm_unit_max (i) + 1,
                                         IDSET_FLAG_AUTOGROW);
diff --git a/src/modules/cron/datetime.c b/src/modules/cron/datetime.c
index 2b18f69abb5f..c43ca9b77c1f 100644
--- a/src/modules/cron/datetime.c
+++ b/src/modules/cron/datetime.c
@@ -17,6 +17,7 @@
 #include <flux/core.h>
 
 #include "src/common/libutil/cronodate.h"
+#include "src/common/libutil/errno_safe.h"
 
 #include "entry.h"
 
@@ -38,7 +39,10 @@ struct datetime_entry * datetime_entry_create ()
 {
     struct datetime_entry *dt = calloc (1, sizeof (*dt));
     if (dt) {
-        dt->d = cronodate_create ();
+        if (!(dt->d = cronodate_create ())) {
+            ERRNO_SAFE_WRAP (free, dt);
+            return NULL;
+        }
         /*  Fill cronodate set initially. The cronodate object will
          *  be refined when json arguments from user are processed
          */
@@ -52,6 +56,9 @@ static struct datetime_entry * datetime_entry_from_json (json_t *o)
     int i, rc = 0;
     struct datetime_entry *dt = datetime_entry_create ();
 
+    if (!dt)
+        return NULL;
+
     for (i = 0; i < TM_MAX_ITEM; i++) {
         json_t *val;
         /*  Time unit members of the json arguments are optional.