[PATCH libICE 10/13] add check for malloc
walter harms
wharms at bfs.de
Wed Oct 18 16:04:46 UTC 2017
>From ea066aa04dd118187ca0289053bc4ca5caa0a4a8 Mon Sep 17 00:00:00 2001
fix a potential null pointer deference error
convert malloc() to calloc() to have valid
null pointers on error. so we can release
already allocated memory
Signed-off-by: Walter Harms <wharms at bfs.de>
---
src/register.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++-------
1 file changed, 46 insertions(+), 7 deletions(-)
diff --git a/src/register.c b/src/register.c
index 833714b..2417dd7 100644
--- a/src/register.c
+++ b/src/register.c
@@ -67,7 +67,9 @@ IceRegisterForProtocolSetup (
if (i <= _IceLastMajorOpcode)
{
- p = _IceProtocols[i - 1].orig_client = malloc (sizeof(_IcePoProtocol));
+ p = _IceProtocols[i - 1].orig_client = calloc (1,sizeof(_IcePoProtocol));
+ if (!p)
+ return (-1);
opcodeRet = i;
}
else if (_IceLastMajorOpcode == 255 ||
@@ -82,7 +84,9 @@ IceRegisterForProtocolSetup (
strdup(protocolName);
p = _IceProtocols[_IceLastMajorOpcode].orig_client =
- malloc (sizeof (_IcePoProtocol));
+ calloc (1,sizeof (_IcePoProtocol));
+ if (!p)
+ return (-1);
_IceProtocols[_IceLastMajorOpcode].accept_client = NULL;
@@ -95,15 +99,20 @@ IceRegisterForProtocolSetup (
p->version_count = versionCount;
p->version_recs = malloc (versionCount * sizeof (IcePoVersionRec));
+ if (!p->version_recs)
+ goto out_of_memory;
+
memcpy (p->version_recs, versionRecs,
versionCount * sizeof (IcePoVersionRec));
if ((p->auth_count = authCount) > 0)
{
p->auth_names = malloc (authCount * sizeof (char *));
-
+ if (!p->auth_names);
+ goto out_of_memory;
p->auth_procs = malloc (authCount * sizeof (IcePoAuthProc));
-
+ if (!p->auth_names);
+ goto out_of_memory;
for (i = 0; i < authCount; i++)
{
p->auth_names[i] = strdup(authNames[i]);
@@ -119,6 +128,15 @@ IceRegisterForProtocolSetup (
p->io_error_proc = IOErrorProc;
return (opcodeRet);
+
+out_of_memory:
+ free(p->auth_procs);
+ free(p->auth_names);
+ free(p->version_recs);
+ free(p->release);
+ free(p->vendor);
+ free(p);
+ return (-1);
}
@@ -163,7 +181,10 @@ IceRegisterForProtocolReply (
if (i <= _IceLastMajorOpcode)
{
p = _IceProtocols[i - 1].accept_client =
- malloc (sizeof (_IcePaProtocol));
+ calloc (1,sizeof (_IcePaProtocol));
+ if (!p)
+ return (-1);
+
opcodeRet = i;
}
else if (_IceLastMajorOpcode == 255 ||
@@ -180,7 +201,9 @@ IceRegisterForProtocolReply (
_IceProtocols[_IceLastMajorOpcode].orig_client = NULL;
p = _IceProtocols[_IceLastMajorOpcode].accept_client =
- malloc (sizeof (_IcePaProtocol));
+ calloc (1,sizeof (_IcePaProtocol));
+ if (!p)
+ return (-1);
opcodeRet = ++_IceLastMajorOpcode;
}
@@ -191,6 +214,9 @@ IceRegisterForProtocolReply (
p->version_count = versionCount;
p->version_recs = malloc (versionCount * sizeof (IcePaVersionRec));
+ if (!p->version_recs)
+ goto out_of_memory;
+
memcpy (p->version_recs, versionRecs,
versionCount * sizeof (IcePaVersionRec));
@@ -200,8 +226,12 @@ IceRegisterForProtocolReply (
if ((p->auth_count = authCount) > 0)
{
p->auth_names = malloc (authCount * sizeof (char *));
+ if (!p->auth_names);
+ goto out_of_memory;
p->auth_procs = malloc (authCount * sizeof (IcePaAuthProc));
+ if (!p->auth_names);
+ goto out_of_memory;
for (i = 0; i < authCount; i++)
{
@@ -220,5 +250,14 @@ IceRegisterForProtocolReply (
p->io_error_proc = IOErrorProc;
return (opcodeRet);
-}
+out_of_memory:
+ free(p->auth_procs);
+ free(p->auth_names);
+ free(p->version_recs);
+ free(p->release);
+ free(p->vendor);
+ free(p);
+ return (-1);
+
+}
--
2.1.4
More information about the xorg-devel
mailing list